Organízate con las colecciones
Guarda y clasifica el contenido según tus preferencias.
Roles y permisos de gestión de identidades y accesos de BigQuery
En este documento se proporciona una lista de roles predefinidos y permisos de Gestión de Identidades y Accesos (IAM) para BigQuery. En esta página se incluyen los roles y permisos de los siguientes elementos:
BigQuery: roles y permisos que se aplican a los recursos de BigQuery, como conjuntos de datos, tablas, vistas y rutinas. Muchos de estos roles y permisos también se pueden conceder a recursos de Resource Manager, como proyectos, carpetas y organizaciones.
API Connection de BigQuery: rol que concede a un agente de servicio acceso a una conexión de Cloud SQL.
Consulta continua de BigQuery: rol que concede a una cuenta de servicio acceso a una consulta continua.
Política de datos de BigQuery: roles y permisos que se aplican a las políticas de datos de BigQuery.
BigQuery Data Transfer Service: rol que concede a un agente de servicio acceso para crear tareas que transfieran datos.
BigQuery Engine para Apache Flink: roles y permisos que se aplican a los recursos de BigQuery Engine para Apache Flink.
API BigQuery Migration Service: roles y permisos que se aplican a los recursos de BigQuery Migration Service.
BigQuery Omni: rol que concede a un agente de servicio acceso a las tablas.
Compartir en BigQuery: roles y permisos que se aplican a los recursos compartidos de BigQuery.
Roles predefinidos de gestión de identidades y accesos de BigQuery
En las siguientes tablas se indican los roles de gestión de identidades y accesos (IAM) de BigQuery predefinidos, junto con una lista de todos los permisos que incluye cada rol. Ten en cuenta que cada permiso se aplica a un tipo de recurso concreto.
Roles de BigQuery
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Provides permissions to manage all resources within the project. Can manage
all data within the project, and can cancel jobs from other users running
within the project.
It is possible to grant this role to the following lowest-level resources, but it is not
recommended. Other predefined roles grant full permissions over these resources and are less
permissive. BigQuery Admin is typically granted at the project level.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
Connection
Saved query
Data canvas
Pipeline
Data preparation
Repository
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
Grants Connected Sheets Service Account access to create and manage BigQuery jobs on the customers resources.
bigquery.datasets.get
bigquery.jobs.create
bigquery.tables.create
bigquery.tables.update
bigquery.tables.updateData
BigQuery Connection Admin
(roles/bigquery.connectionAdmin)
Lowest-level resources where you can grant this role:
Connection
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.connections.*
bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use
BigQuery Connection User
(roles/bigquery.connectionUser)
Lowest-level resources where you can grant this role:
Connection
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.use
BigQuery Data Editor
(roles/bigquery.dataEditor)
When granted on a dataset, this role grants these permissions:
Get metadata and permissions for the dataset.
For tables and views:
Create, update, get, list, and delete the dataset's tables and
views.
Read (query), export, replicate, and update table data.
Create, update, and delete indexes.
Create and restore snapshots.
All permissions for the dataset's routines and models.
When granted on a table or view, this role grants these permissions:
Get metadata, update metadata, get access controls, and delete the
table or view.
Get (query), export, replicate, and update table data.
Create, update, and delete indexes.
Create and restore snapshots.
All permissions for the routine.
The Data Editor role cannot be granted to individual models.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.config.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.updateTag
bigquery.models.*
bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag
bigquery.routines.*
bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag
bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag
cloudkms.keyHandles.*
cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.update
dataplex.operations.get
dataplex.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Data Owner
(roles/bigquery.dataOwner)
When granted on a dataset, this role grants these permissions:
All permissions for the dataset and for all of the resources within
the dataset: tables and views, models, and routines.
When granted on a table or view, this role grants these permissions:
All permissions for the table or view.
All permissions for row access policies except permission to
override time travel restrictions.
Set categories and column-level data policies.
When granted on a routine, this role grants these permissions:
All permissions for the routine.
You shouldn't grant the Data Owner role at the routine
level. Data Editor also grants all permissions for the routine and is a
less permissive role.
This role cannot be granted to individual models.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.config.get
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
bigquery.datasets.*
bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag
bigquery.models.*
bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag
bigquery.routines.*
bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag
bigquery.rowAccessPolicies.create
bigquery.rowAccessPolicies.delete
bigquery.rowAccessPolicies.get
bigquery.rowAccessPolicies.getIamPolicy
bigquery.rowAccessPolicies.list
bigquery.rowAccessPolicies.setIamPolicy
bigquery.rowAccessPolicies.update
bigquery.tables.*
bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag
cloudkms.keyHandles.*
cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
dataplex.datascans.*
dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update
dataplex.operations.get
dataplex.operations.list
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Data Viewer
(roles/bigquery.dataViewer)
When granted on a dataset, this role grants these permissions:
Get metadata and permissions for the dataset.
List a dataset's tables, views, and models.
Get metadata and access controls for the dataset's tables and views.
Get (query), replicate, and export table data and create snapshots.
List and invoke the dataset's routines.
When granted on a table or view, this role provides these permissions:
Get metadata and access controls for the table or view.
Get (query), export, and replicate table data.
Create snapshots.
When granted on a routine, this role grants these permissions:
In a query, reference a routine created by someone else.
This role cannot be granted to individual models.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.routines.get
bigquery.routines.list
bigquery.tables.createSnapshot
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.replicateData
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Filtered Data Viewer
(roles/bigquery.filteredDataViewer)
Access to view filtered table data defined by a row access policy.
bigquery.filteredDataViewer is a system-managed role. Grant the role by using
row-level access policies. Don't apply the role directly to a resource through
Identity and Access Management (IAM).
bigquery.rowAccessPolicies.getFilteredData
BigQuery Job User
(roles/bigquery.jobUser)
Provides permissions to run jobs, including queries, within the project.
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.config.get
bigquery.jobs.create
dataform.locations.*
dataform.locations.get
dataform.locations.list
dataform.repositories.create
dataform.repositories.list
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Metadata Viewer
(roles/bigquery.metadataViewer)
When granted on a dataset, this role grants these permissions:
Get metadata and access controls for the dataset.
Get metadata and access controls for tables and views.
Get metadata from the dataset's models and routines.
List tables, views, models, and routines in the dataset.
When granted on a table or view, this role provides these permissions:
Get metadata and access controls for the table or view.
When granted on a routine, this role grants these permissions:
In a query, reference a routine created by someone else.
This role cannot be granted to individual models.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.models.getMetadata
bigquery.models.list
bigquery.routines.get
bigquery.routines.list
bigquery.tables.get
bigquery.tables.getIamPolicy
bigquery.tables.list
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery ObjectRef Admin
(roles/bigquery.objectRefAdmin)
Administer ObjectRef resources that includes read and write permissions
Lowest-level resources where you can grant this role:
Connection
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.objectRefs.*
bigquery.objectRefs.read
bigquery.objectRefs.write
BigQuery ObjectRef Reader
(roles/bigquery.objectRefReader)
Role for reading referenced objects via ObjectRefs in BigQuery
Lowest-level resources where you can grant this role:
Connection
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.objectRefs.read
BigQuery Read Session User
(roles/bigquery.readSessionUser)
Provides the ability to create and use read sessions.
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.readsessions.*
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Resource Admin
(roles/bigquery.resourceAdmin)
Administers BigQuery workloads, including slot assignments, commitments, and reservations.
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
Manages BigQuery workloads, but is unable to create or modify slot commitments.
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.reservationAssignments.*
bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservationGroups.*
bigquery.reservationGroups.create
bigquery.reservationGroups.delete
bigquery.reservationGroups.get
bigquery.reservationGroups.list
bigquery.reservations.*
bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Resource Viewer
(roles/bigquery.resourceViewer)
Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservationGroups.get
bigquery.reservationGroups.list
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
resourcemanager.projects.get
resourcemanager.projects.list
BigQuery Security Admin
Beta
(roles/bigquery.securityAdmin)
Administer all BigQuery security controls
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
bigquery.datasets.createTagBinding
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag
bigquery.rowAccessPolicies.create
bigquery.rowAccessPolicies.delete
bigquery.rowAccessPolicies.get
bigquery.rowAccessPolicies.getIamPolicy
bigquery.rowAccessPolicies.list
bigquery.rowAccessPolicies.setIamPolicy
bigquery.rowAccessPolicies.update
bigquery.tables.createTagBinding
bigquery.tables.deleteTagBinding
bigquery.tables.get
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateTag
dataplex.projects.search
BigQuery Studio Admin
(roles/bigquery.studioAdmin)
Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin and Dataproc
Serverless Editor.
It is possible to grant this role to the following lowest-level resources, but it is not
recommended. Other predefined roles grant full permissions over these resources and are less
permissive. BigQuery Studio Admin is typically granted at the project level.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Table
View
Routine
Connection
Saved query
Data canvas
Data preparation
Pipeline
Repository
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
When granted on a dataset, this role provides the ability to read the dataset's metadata and list
tables in the dataset.
When granted on a project, this role also provides the ability to run jobs, including queries,
within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and
enumerate datasets within a project. Additionally, allows the creation of new datasets within the
project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner)
on these new datasets.
Lowest-level resources where you can grant this role:
Dataset
These resources within a dataset:
Routine
This role can also be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.config.get
bigquery.datasets.create
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.jobs.create
bigquery.jobs.list
bigquery.models.list
bigquery.readsessions.*
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservationGroups.get
bigquery.reservationGroups.list
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.use
bigquery.routines.list
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.tables.list
bigquery.transfers.get
bigquerymigration.translation.translate
cloudkms.keyHandles.*
cloudkms.keyHandles.create
cloudkms.keyHandles.get
cloudkms.keyHandles.list
cloudkms.operations.get
cloudkms.projects.showEffectiveAutokeyConfig
dataform.locations.*
dataform.locations.get
dataform.locations.list
dataform.repositories.create
dataform.repositories.list
dataplex.projects.search
resourcemanager.projects.get
resourcemanager.projects.list
Roles de la API Connection de BigQuery
En esta tabla se indican los roles y permisos de gestión de identidades y accesos predefinidos de la API de conexión de BigQuery. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
BigQuery Connection Service Agent
(roles/bigqueryconnection.serviceAgent)
Gives BigQuery Connection Service access to Cloud SQL instances in user projects.
cloudsql.instances.connect
cloudsql.instances.get
logging.logEntries.create
logging.logEntries.route
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
telemetry.metrics.write
Roles de consultas continuas de BigQuery
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery Continuous Query. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
BigQuery Continuous Query Service Agent
(roles/bigquerycontinuousquery.serviceAgent)
Gives BigQuery Continuous Query access to the service accounts in the user project.
iam.serviceAccounts.getAccessToken
Roles de política de datos de BigQuery
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de la política de datos de BigQuery. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
BigQuery Data Policy Admin
(roles/bigquerydatapolicy.admin)
Role for managing Data Policies in BigQuery
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
Masked Reader
(roles/bigquerydatapolicy.maskedReader)
Masked read access to sub-resources tagged by the policy tag associated with a data policy, for
example, BigQuery columns
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.dataPolicies.maskedGet
Raw Data Reader
Beta
(roles/bigquerydatapolicy.rawDataReader)
Raw read access to sub-resources associated with a data policy, for example, BigQuery columns
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.dataPolicies.getRawData
BigQuery Data Policy Viewer
(roles/bigquerydatapolicy.viewer)
Role for viewing Data Policies in BigQuery
This role can only be granted on Resource Manager resources (projects, folders, and
organizations).
bigquery.dataPolicies.get
bigquery.dataPolicies.list
Roles de BigQuery Data Transfer Service
En esta tabla se indican los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery Data Transfer Service. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
BigQuery Data Transfer Service Agent
(roles/bigquerydatatransfer.serviceAgent)
Gives BigQuery Data Transfer Service access to start BigQuery jobs in consumer project.
bigquery.config.get
bigquery.connections.delegate
bigquery.jobs.create
compute.networkAttachments.get
compute.networkAttachments.update
compute.regionOperations.get
compute.subnetworks.use
dataform.locations.*
dataform.locations.get
dataform.locations.list
dataform.repositories.create
dataform.repositories.list
iam.serviceAccounts.getAccessToken
logging.logEntries.create
logging.logEntries.route
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.services.use
Roles de BigQuery Engine para Apache Flink
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery Engine para Apache Flink. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
Managed Flink Admin
Beta
(roles/managedflink.admin)
Full access to Managed Flink resources.
managedflink.*
managedflink.deployments.create
managedflink.deployments.delete
managedflink.deployments.get
managedflink.deployments.list
managedflink.deployments.update
managedflink.jobs.create
managedflink.jobs.delete
managedflink.jobs.get
managedflink.jobs.list
managedflink.jobs.update
managedflink.locations.get
managedflink.locations.list
managedflink.operations.cancel
managedflink.operations.delete
managedflink.operations.get
managedflink.operations.list
managedflink.sessions.create
managedflink.sessions.delete
managedflink.sessions.get
managedflink.sessions.list
managedflink.sessions.update
resourcemanager.projects.get
resourcemanager.projects.list
Managed Flink Developer
Beta
(roles/managedflink.developer)
Full access to Managed Flink Jobs and Sessions and read access to Deployments.
managedflink.deployments.get
managedflink.deployments.list
managedflink.jobs.*
managedflink.jobs.create
managedflink.jobs.delete
managedflink.jobs.get
managedflink.jobs.list
managedflink.jobs.update
managedflink.locations.*
managedflink.locations.get
managedflink.locations.list
managedflink.operations.get
managedflink.operations.list
managedflink.sessions.*
managedflink.sessions.create
managedflink.sessions.delete
managedflink.sessions.get
managedflink.sessions.list
managedflink.sessions.update
resourcemanager.projects.get
resourcemanager.projects.list
Managed Flink Service Agent
(roles/managedflink.serviceAgent)
Gives Managed Flink Service Agent access to Cloud Platform resources.
compute.networkAttachments.create
compute.networkAttachments.delete
compute.networkAttachments.get
compute.networkAttachments.list
compute.networkAttachments.update
compute.networks.get
compute.networks.list
compute.regionOperations.get
compute.subnetworks.get
compute.subnetworks.list
compute.subnetworks.use
dns.networks.targetWithPeeringZone
managedkafka.clusters.get
managedkafka.clusters.list
managedkafka.clusters.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.*
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
serviceusage.services.use
storage.objects.get
Managed Flink Viewer
Beta
(roles/managedflink.viewer)
Readonly access to Managed Flink resources.
managedflink.deployments.get
managedflink.deployments.list
managedflink.jobs.get
managedflink.jobs.list
managedflink.locations.*
managedflink.locations.get
managedflink.locations.list
managedflink.operations.get
managedflink.operations.list
managedflink.sessions.get
managedflink.sessions.list
resourcemanager.projects.get
resourcemanager.projects.list
Roles de BigQuery Migration Service
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery Migration Service. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
User of EDW migration interactive SQL translation service.
bigquerymigration.translation.translate
MigrationWorkflow Viewer
(roles/bigquerymigration.viewer)
Viewer of EDW migration MigrationWorkflow.
bigquerymigration.subtasks.*
bigquerymigration.subtasks.get
bigquerymigration.subtasks.list
bigquerymigration.workflows.get
bigquerymigration.workflows.list
Task Worker
(roles/bigquerymigration.worker)
Worker that executes EDW migration subtasks.
storage.objects.create
storage.objects.get
storage.objects.list
Roles de BigQuery Omni
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos de BigQuery Omni. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
BigQuery Omni Service Agent
(roles/bigqueryomni.serviceAgent)
Gives BigQuery Omni access to tables in user projects.
bigquery.jobs.create
bigquery.tables.updateData
Roles de uso compartido de BigQuery
En esta tabla se enumeran los roles y permisos de gestión de identidades y accesos predefinidos para compartir datos en BigQuery. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Role
Permissions
Analytics Hub Admin
(roles/analyticshub.admin)
Administer Data Exchanges and Listings
analyticshub.dataExchanges.create
analyticshub.dataExchanges.delete
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.dataExchanges.setIamPolicy
analyticshub.dataExchanges.update
analyticshub.dataExchanges.viewSubscriptions
analyticshub.listings.create
analyticshub.listings.delete
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
analyticshub.listings.setIamPolicy
analyticshub.listings.update
analyticshub.listings.viewSubscriptions
analyticshub.subscriptions.*
analyticshub.subscriptions.create
analyticshub.subscriptions.delete
analyticshub.subscriptions.get
analyticshub.subscriptions.list
analyticshub.subscriptions.update
resourcemanager.projects.get
resourcemanager.projects.list
Analytics Hub Listing Admin
(roles/analyticshub.listingAdmin)
Grants full control over the Listing, including updating, deleting and setting ACLs
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.listings.delete
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
analyticshub.listings.setIamPolicy
analyticshub.listings.update
analyticshub.listings.viewSubscriptions
resourcemanager.projects.get
resourcemanager.projects.list
Analytics Hub Publisher
(roles/analyticshub.publisher)
Can publish to Data Exchanges thus creating Listings
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.listings.create
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
resourcemanager.projects.get
resourcemanager.projects.list
Analytics Hub Subscriber
(roles/analyticshub.subscriber)
Can browse Data Exchanges and subscribe to Listings
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.dataExchanges.subscribe
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
analyticshub.listings.subscribe
resourcemanager.projects.get
resourcemanager.projects.list
Analytics Hub Subscription Owner
(roles/analyticshub.subscriptionOwner)
Grants full control over the Subscription, including updating and deleting
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
analyticshub.subscriptions.*
analyticshub.subscriptions.create
analyticshub.subscriptions.delete
analyticshub.subscriptions.get
analyticshub.subscriptions.list
analyticshub.subscriptions.update
resourcemanager.projects.get
resourcemanager.projects.list
Analytics Hub Viewer
(roles/analyticshub.viewer)
Can browse Data Exchanges and Listings
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
resourcemanager.projects.get
resourcemanager.projects.list
Permisos de BigQuery
En las siguientes tablas se indican los permisos disponibles en BigQuery. Se incluyen en roles predefinidos y se pueden usar en definiciones de roles personalizados. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.
Permisos de BigQuery
En esta tabla se indican los permisos de gestión de identidades y accesos de BigQuery y los roles que los incluyen. Para buscar todos los roles y permisos, consulta el índice de roles y permisos.