BigQuery IAM roles and permissions

This document provides a list of Identity and Access Management (IAM) predefined roles and permissions for BigQuery. This page includes roles and permissions for the following:

  • BigQuery: Roles and permissions that apply to BigQuery resources such as datasets, tables, views, and routines. Many of these roles and permissions can also be granted to Resource Manager resources like projects, folders, and organizations.
  • BigQuery Connection API: Role that grants a service agent access to a Cloud SQL connection.
  • BigQuery Continuous Query: Role that grants a service account access to a continuous query.
  • BigQuery Data Policy: Roles and permissions that apply to Data Policies in BigQuery.
  • BigQuery Data Transfer Service: Role that grants a service agent access to create jobs that transfer data.
  • BigQuery Engine for Apache Flink: Roles and permissions that apply to BigQuery Engine for Apache Flink resources.
  • BigQuery Migration Service API: Roles and permissions that apply to BigQuery Migration Service resources.
  • BigQuery Omni: Role that grants a service agent access to tables.
  • BigQuery sharing: Roles and permissions that apply to BigQuery sharing resources.

BigQuery predefined IAM roles

The following tables list the predefined BigQuery IAM roles with a corresponding list of all the permissions each role includes. Note that each permission is applicable to a particular resource type.

BigQuery roles

This table lists the IAM roles and permissions for BigQuery. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigquery.admin)

Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine
  • Connection
  • Saved query
  • Data canvas
  • Pipeline
  • Data preparation
  • Repository

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.bireservations.*

  • bigquery.bireservations.get
  • bigquery.bireservations.update

bigquery.capacityCommitments.*

  • bigquery.capacityCommitments.create
  • bigquery.capacityCommitments.delete
  • bigquery.capacityCommitments.get
  • bigquery.capacityCommitments.list
  • bigquery.capacityCommitments.update

bigquery.config.*

  • bigquery.config.get
  • bigquery.config.update

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

  • bigquery.datasets.create
  • bigquery.datasets.createTagBinding
  • bigquery.datasets.delete
  • bigquery.datasets.deleteTagBinding
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.datasets.link
  • bigquery.datasets.listEffectiveTags
  • bigquery.datasets.listSharedDatasetUsage
  • bigquery.datasets.listTagBindings
  • bigquery.datasets.setIamPolicy
  • bigquery.datasets.update
  • bigquery.datasets.updateTag

bigquery.jobs.*

  • bigquery.jobs.create
  • bigquery.jobs.delete
  • bigquery.jobs.get
  • bigquery.jobs.list
  • bigquery.jobs.listAll
  • bigquery.jobs.listExecutionMetadata
  • bigquery.jobs.update

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.objectRefs.*

  • bigquery.objectRefs.read
  • bigquery.objectRefs.write

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.listFailoverDatasets
  • bigquery.reservations.update
  • bigquery.reservations.use

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

  • bigquery.savedqueries.create
  • bigquery.savedqueries.delete
  • bigquery.savedqueries.get
  • bigquery.savedqueries.list
  • bigquery.savedqueries.update

bigquery.tables.*

  • bigquery.tables.create
  • bigquery.tables.createIndex
  • bigquery.tables.createSnapshot
  • bigquery.tables.createTagBinding
  • bigquery.tables.delete
  • bigquery.tables.deleteIndex
  • bigquery.tables.deleteSnapshot
  • bigquery.tables.deleteTagBinding
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • bigquery.tables.listEffectiveTags
  • bigquery.tables.listTagBindings
  • bigquery.tables.replicateData
  • bigquery.tables.restoreSnapshot
  • bigquery.tables.setCategory
  • bigquery.tables.setColumnDataPolicy
  • bigquery.tables.setIamPolicy
  • bigquery.tables.update
  • bigquery.tables.updateData
  • bigquery.tables.updateIndex
  • bigquery.tables.updateTag

bigquery.transfers.*

  • bigquery.transfers.get
  • bigquery.transfers.update

bigquerymigration.translation.translate

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

dataform.*

  • dataform.commentThreads.create
  • dataform.commentThreads.delete
  • dataform.commentThreads.get
  • dataform.commentThreads.list
  • dataform.commentThreads.update
  • dataform.comments.create
  • dataform.comments.delete
  • dataform.comments.get
  • dataform.comments.list
  • dataform.comments.update
  • dataform.compilationResults.create
  • dataform.compilationResults.get
  • dataform.compilationResults.list
  • dataform.compilationResults.query
  • dataform.config.get
  • dataform.config.update
  • dataform.locations.get
  • dataform.locations.list
  • dataform.releaseConfigs.create
  • dataform.releaseConfigs.delete
  • dataform.releaseConfigs.get
  • dataform.releaseConfigs.list
  • dataform.releaseConfigs.update
  • dataform.repositories.commit
  • dataform.repositories.computeAccessTokenStatus
  • dataform.repositories.create
  • dataform.repositories.delete
  • dataform.repositories.fetchHistory
  • dataform.repositories.fetchRemoteBranches
  • dataform.repositories.get
  • dataform.repositories.getIamPolicy
  • dataform.repositories.list
  • dataform.repositories.queryDirectoryContents
  • dataform.repositories.readFile
  • dataform.repositories.setIamPolicy
  • dataform.repositories.update
  • dataform.workflowConfigs.create
  • dataform.workflowConfigs.delete
  • dataform.workflowConfigs.get
  • dataform.workflowConfigs.list
  • dataform.workflowConfigs.update
  • dataform.workflowInvocations.cancel
  • dataform.workflowInvocations.create
  • dataform.workflowInvocations.delete
  • dataform.workflowInvocations.get
  • dataform.workflowInvocations.list
  • dataform.workflowInvocations.query
  • dataform.workspaces.commit
  • dataform.workspaces.create
  • dataform.workspaces.delete
  • dataform.workspaces.fetchFileDiff
  • dataform.workspaces.fetchFileGitStatuses
  • dataform.workspaces.fetchGitAheadBehind
  • dataform.workspaces.get
  • dataform.workspaces.getIamPolicy
  • dataform.workspaces.installNpmPackages
  • dataform.workspaces.list
  • dataform.workspaces.makeDirectory
  • dataform.workspaces.moveDirectory
  • dataform.workspaces.moveFile
  • dataform.workspaces.pull
  • dataform.workspaces.push
  • dataform.workspaces.queryDirectoryContents
  • dataform.workspaces.readFile
  • dataform.workspaces.removeDirectory
  • dataform.workspaces.removeFile
  • dataform.workspaces.reset
  • dataform.workspaces.searchFiles
  • dataform.workspaces.setIamPolicy
  • dataform.workspaces.writeFile

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.connectionAdmin)

Lowest-level resources where you can grant this role:

  • Connection

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

(roles/bigquery.connectionUser)

Lowest-level resources where you can grant this role:

  • Connection

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.use

(roles/bigquery.dataEditor)

When granted on a table or view, this role provides permissions to:

  • Read and update data and metadata for the table or view.
  • Delete the table or view.

This role cannot be granted to individual models.

When granted on a dataset, this role provides permissions to:

  • Read the dataset's metadata and list tables in the dataset.
  • Create, update, get, and delete the dataset's tables.

The BigQuery Data Editor role is mapped to the WRITER BigQuery basic role. When you grant the BigQuery Data Editor role to a principal at the dataset level, the principal is granted WRITER access to the dataset.

When applied at the project or organization level, this role also lets users create new datasets.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.datasets.updateTag

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.tables.create

bigquery.tables.createIndex

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteIndex

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

bigquery.tables.updateIndex

bigquery.tables.updateTag

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.dataOwner)

When granted on a table or view, this role provides permissions to:

  • Read and update data and metadata for the table or view.
  • Share the table or view.
  • Delete the table or view.

This role cannot be granted to individual models.

When granted on a dataset, this role provides permissions to:

  • Read, update, and delete the dataset.
  • Create, update, get, and delete the dataset's tables.

The BigQuery Data Owner role is mapped to the OWNER BigQuery basic role. When you grant the BigQuery Data Owner role to a principal at the dataset level, the principal is granted OWNER access to the dataset.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.config.get

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

  • bigquery.datasets.create
  • bigquery.datasets.createTagBinding
  • bigquery.datasets.delete
  • bigquery.datasets.deleteTagBinding
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.datasets.link
  • bigquery.datasets.listEffectiveTags
  • bigquery.datasets.listSharedDatasetUsage
  • bigquery.datasets.listTagBindings
  • bigquery.datasets.setIamPolicy
  • bigquery.datasets.update
  • bigquery.datasets.updateTag

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.tables.*

  • bigquery.tables.create
  • bigquery.tables.createIndex
  • bigquery.tables.createSnapshot
  • bigquery.tables.createTagBinding
  • bigquery.tables.delete
  • bigquery.tables.deleteIndex
  • bigquery.tables.deleteSnapshot
  • bigquery.tables.deleteTagBinding
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • bigquery.tables.listEffectiveTags
  • bigquery.tables.listTagBindings
  • bigquery.tables.replicateData
  • bigquery.tables.restoreSnapshot
  • bigquery.tables.setCategory
  • bigquery.tables.setColumnDataPolicy
  • bigquery.tables.setIamPolicy
  • bigquery.tables.update
  • bigquery.tables.updateData
  • bigquery.tables.updateIndex
  • bigquery.tables.updateTag

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.dataViewer)

When granted on a table or view, this role provides permissions to:

  • Read data and metadata from the table or view.

This role cannot be granted to individual models.

When granted on a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries.

The BigQuery Data Viewer role is mapped to the READER BigQuery basic role. When you grant the BigQuery Data Viewer role to a principal at the dataset level, the principal is granted READER access to the dataset.

When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.createSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.getIamPolicy

bigquery.tables.list

bigquery.tables.replicateData

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.filteredDataViewer)

Access to view filtered table data defined by a row access policy. bigquery.filteredDataViewer is a system-managed role. Grant the role by using row-level access policies. Don't apply the role directly to a resource through Identity and Access Management (IAM).

bigquery.rowAccessPolicies.getFilteredData

(roles/bigquery.jobUser)

Provides permissions to run jobs, including queries, within the project.

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.config.get

bigquery.jobs.create

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.metadataViewer)

When granted on a table or view, this role provides permissions to:

  • Read metadata from the table or view.

This role cannot be granted to individual models.

When granted on a dataset, this role provides permissions to:

  • List tables and views in the dataset.
  • Read metadata from the dataset's tables and views.

When applied at the project or organization level, this role provides permissions to:

  • List all datasets and read metadata for all datasets in the project.
  • List all tables and views and read metadata for all tables and views in the project.

Additional roles are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.get

bigquery.tables.getIamPolicy

bigquery.tables.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.objectRefAdmin)

Administer ObjectRef resources that includes read and write permissions

Lowest-level resources where you can grant this role:

  • Connection

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.objectRefs.*

  • bigquery.objectRefs.read
  • bigquery.objectRefs.write

(roles/bigquery.objectRefReader)

Role for reading referenced objects via ObjectRefs in BigQuery

Lowest-level resources where you can grant this role:

  • Connection

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.objectRefs.read

(roles/bigquery.readSessionUser)

Provides the ability to create and use read sessions.

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.resourceAdmin)

Administers BigQuery workloads, including slot assignments, commitments, and reservations.

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.bireservations.*

  • bigquery.bireservations.get
  • bigquery.bireservations.update

bigquery.capacityCommitments.*

  • bigquery.capacityCommitments.create
  • bigquery.capacityCommitments.delete
  • bigquery.capacityCommitments.get
  • bigquery.capacityCommitments.list
  • bigquery.capacityCommitments.update

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.listFailoverDatasets
  • bigquery.reservations.update
  • bigquery.reservations.use

recommender.bigqueryCapacityCommitmentsInsights.*

  • recommender.bigqueryCapacityCommitmentsInsights.get
  • recommender.bigqueryCapacityCommitmentsInsights.list
  • recommender.bigqueryCapacityCommitmentsInsights.update

recommender.bigqueryCapacityCommitmentsRecommendations.*

  • recommender.bigqueryCapacityCommitmentsRecommendations.get
  • recommender.bigqueryCapacityCommitmentsRecommendations.list
  • recommender.bigqueryCapacityCommitmentsRecommendations.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.resourceEditor)

Manages BigQuery workloads, but is unable to create or modify slot commitments.

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.listFailoverDatasets
  • bigquery.reservations.update
  • bigquery.reservations.use

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.resourceViewer)

Can view BigQuery workloads, but cannot create or modify slot reservations or commitments.

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.jobs.get

bigquery.jobs.list

bigquery.jobs.listAll

bigquery.jobs.listExecutionMetadata

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

bigquery.reservations.listFailoverDatasets

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.studioAdmin)

Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin, Gemini for Google Cloud Settings Admin, and Dataproc Serverless Editor.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Table
    • View
    • Routine
  • Connection
  • Saved query
  • Data canvas
  • Data preparation
  • Pipeline
  • Repository

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

aiplatform.notebookRuntimeTemplates.*

  • aiplatform.notebookRuntimeTemplates.apply
  • aiplatform.notebookRuntimeTemplates.create
  • aiplatform.notebookRuntimeTemplates.delete
  • aiplatform.notebookRuntimeTemplates.get
  • aiplatform.notebookRuntimeTemplates.getIamPolicy
  • aiplatform.notebookRuntimeTemplates.list
  • aiplatform.notebookRuntimeTemplates.setIamPolicy
  • aiplatform.notebookRuntimeTemplates.update

aiplatform.notebookRuntimes.*

  • aiplatform.notebookRuntimes.assign
  • aiplatform.notebookRuntimes.delete
  • aiplatform.notebookRuntimes.get
  • aiplatform.notebookRuntimes.list
  • aiplatform.notebookRuntimes.start
  • aiplatform.notebookRuntimes.update
  • aiplatform.notebookRuntimes.upgrade

aiplatform.operations.list

bigquery.bireservations.*

  • bigquery.bireservations.get
  • bigquery.bireservations.update

bigquery.capacityCommitments.*

  • bigquery.capacityCommitments.create
  • bigquery.capacityCommitments.delete
  • bigquery.capacityCommitments.get
  • bigquery.capacityCommitments.list
  • bigquery.capacityCommitments.update

bigquery.config.*

  • bigquery.config.get
  • bigquery.config.update

bigquery.connections.*

  • bigquery.connections.create
  • bigquery.connections.delegate
  • bigquery.connections.delete
  • bigquery.connections.get
  • bigquery.connections.getIamPolicy
  • bigquery.connections.list
  • bigquery.connections.setIamPolicy
  • bigquery.connections.update
  • bigquery.connections.updateTag
  • bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

  • bigquery.datasets.create
  • bigquery.datasets.createTagBinding
  • bigquery.datasets.delete
  • bigquery.datasets.deleteTagBinding
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.datasets.link
  • bigquery.datasets.listEffectiveTags
  • bigquery.datasets.listSharedDatasetUsage
  • bigquery.datasets.listTagBindings
  • bigquery.datasets.setIamPolicy
  • bigquery.datasets.update
  • bigquery.datasets.updateTag

bigquery.jobs.*

  • bigquery.jobs.create
  • bigquery.jobs.delete
  • bigquery.jobs.get
  • bigquery.jobs.list
  • bigquery.jobs.listAll
  • bigquery.jobs.listExecutionMetadata
  • bigquery.jobs.update

bigquery.models.*

  • bigquery.models.create
  • bigquery.models.delete
  • bigquery.models.export
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.models.updateData
  • bigquery.models.updateMetadata
  • bigquery.models.updateTag

bigquery.objectRefs.*

  • bigquery.objectRefs.read
  • bigquery.objectRefs.write

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

bigquery.reservationAssignments.*

  • bigquery.reservationAssignments.create
  • bigquery.reservationAssignments.delete
  • bigquery.reservationAssignments.list
  • bigquery.reservationAssignments.search

bigquery.reservations.*

  • bigquery.reservations.create
  • bigquery.reservations.delete
  • bigquery.reservations.get
  • bigquery.reservations.list
  • bigquery.reservations.listFailoverDatasets
  • bigquery.reservations.update
  • bigquery.reservations.use

bigquery.routines.*

  • bigquery.routines.create
  • bigquery.routines.delete
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.routines.update
  • bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

  • bigquery.savedqueries.create
  • bigquery.savedqueries.delete
  • bigquery.savedqueries.get
  • bigquery.savedqueries.list
  • bigquery.savedqueries.update

bigquery.tables.*

  • bigquery.tables.create
  • bigquery.tables.createIndex
  • bigquery.tables.createSnapshot
  • bigquery.tables.createTagBinding
  • bigquery.tables.delete
  • bigquery.tables.deleteIndex
  • bigquery.tables.deleteSnapshot
  • bigquery.tables.deleteTagBinding
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • bigquery.tables.listEffectiveTags
  • bigquery.tables.listTagBindings
  • bigquery.tables.replicateData
  • bigquery.tables.restoreSnapshot
  • bigquery.tables.setCategory
  • bigquery.tables.setColumnDataPolicy
  • bigquery.tables.setIamPolicy
  • bigquery.tables.update
  • bigquery.tables.updateData
  • bigquery.tables.updateIndex
  • bigquery.tables.updateTag

bigquery.transfers.*

  • bigquery.transfers.get
  • bigquery.transfers.update

bigquerymigration.translation.translate

cloudaicompanion.codeToolsSettings.*

  • cloudaicompanion.codeToolsSettings.create
  • cloudaicompanion.codeToolsSettings.delete
  • cloudaicompanion.codeToolsSettings.get
  • cloudaicompanion.codeToolsSettings.list
  • cloudaicompanion.codeToolsSettings.update

cloudaicompanion.companions.*

  • cloudaicompanion.companions.generateChat
  • cloudaicompanion.companions.generateCode

cloudaicompanion.dataSharingWithGoogleSettings.*

  • cloudaicompanion.dataSharingWithGoogleSettings.create
  • cloudaicompanion.dataSharingWithGoogleSettings.delete
  • cloudaicompanion.dataSharingWithGoogleSettings.get
  • cloudaicompanion.dataSharingWithGoogleSettings.list
  • cloudaicompanion.dataSharingWithGoogleSettings.update

cloudaicompanion.entitlements.get

cloudaicompanion.geminiGcpEnablementSettings.*

  • cloudaicompanion.geminiGcpEnablementSettings.create
  • cloudaicompanion.geminiGcpEnablementSettings.delete
  • cloudaicompanion.geminiGcpEnablementSettings.get
  • cloudaicompanion.geminiGcpEnablementSettings.list
  • cloudaicompanion.geminiGcpEnablementSettings.update

cloudaicompanion.instances.*

  • cloudaicompanion.instances.completeCode
  • cloudaicompanion.instances.completeTask
  • cloudaicompanion.instances.exportMetrics
  • cloudaicompanion.instances.generateCode
  • cloudaicompanion.instances.generateText
  • cloudaicompanion.instances.queryEffectiveSetting
  • cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.licenses.selfAssign

cloudaicompanion.loggingSettings.*

  • cloudaicompanion.loggingSettings.create
  • cloudaicompanion.loggingSettings.delete
  • cloudaicompanion.loggingSettings.get
  • cloudaicompanion.loggingSettings.list
  • cloudaicompanion.loggingSettings.update

cloudaicompanion.operations.get

cloudaicompanion.releaseChannelSettings.*

  • cloudaicompanion.releaseChannelSettings.create
  • cloudaicompanion.releaseChannelSettings.delete
  • cloudaicompanion.releaseChannelSettings.get
  • cloudaicompanion.releaseChannelSettings.list
  • cloudaicompanion.releaseChannelSettings.update

cloudaicompanion.settingBindings.*

  • cloudaicompanion.settingBindings.codeToolsSettingsCreate
  • cloudaicompanion.settingBindings.codeToolsSettingsDelete
  • cloudaicompanion.settingBindings.codeToolsSettingsGet
  • cloudaicompanion.settingBindings.codeToolsSettingsList
  • cloudaicompanion.settingBindings.codeToolsSettingsUpdate
  • cloudaicompanion.settingBindings.codeToolsSettingsUse
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate
  • cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUse
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate
  • cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUse
  • cloudaicompanion.settingBindings.loggingSettingsCreate
  • cloudaicompanion.settingBindings.loggingSettingsDelete
  • cloudaicompanion.settingBindings.loggingSettingsGet
  • cloudaicompanion.settingBindings.loggingSettingsList
  • cloudaicompanion.settingBindings.loggingSettingsUpdate
  • cloudaicompanion.settingBindings.loggingSettingsUse
  • cloudaicompanion.settingBindings.releaseChannelSettingsCreate
  • cloudaicompanion.settingBindings.releaseChannelSettingsDelete
  • cloudaicompanion.settingBindings.releaseChannelSettingsGet
  • cloudaicompanion.settingBindings.releaseChannelSettingsList
  • cloudaicompanion.settingBindings.releaseChannelSettingsUpdate
  • cloudaicompanion.settingBindings.releaseChannelSettingsUse

cloudaicompanion.topics.create

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.reservations.get

compute.reservations.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataform.*

  • dataform.commentThreads.create
  • dataform.commentThreads.delete
  • dataform.commentThreads.get
  • dataform.commentThreads.list
  • dataform.commentThreads.update
  • dataform.comments.create
  • dataform.comments.delete
  • dataform.comments.get
  • dataform.comments.list
  • dataform.comments.update
  • dataform.compilationResults.create
  • dataform.compilationResults.get
  • dataform.compilationResults.list
  • dataform.compilationResults.query
  • dataform.config.get
  • dataform.config.update
  • dataform.locations.get
  • dataform.locations.list
  • dataform.releaseConfigs.create
  • dataform.releaseConfigs.delete
  • dataform.releaseConfigs.get
  • dataform.releaseConfigs.list
  • dataform.releaseConfigs.update
  • dataform.repositories.commit
  • dataform.repositories.computeAccessTokenStatus
  • dataform.repositories.create
  • dataform.repositories.delete
  • dataform.repositories.fetchHistory
  • dataform.repositories.fetchRemoteBranches
  • dataform.repositories.get
  • dataform.repositories.getIamPolicy
  • dataform.repositories.list
  • dataform.repositories.queryDirectoryContents
  • dataform.repositories.readFile
  • dataform.repositories.setIamPolicy
  • dataform.repositories.update
  • dataform.workflowConfigs.create
  • dataform.workflowConfigs.delete
  • dataform.workflowConfigs.get
  • dataform.workflowConfigs.list
  • dataform.workflowConfigs.update
  • dataform.workflowInvocations.cancel
  • dataform.workflowInvocations.create
  • dataform.workflowInvocations.delete
  • dataform.workflowInvocations.get
  • dataform.workflowInvocations.list
  • dataform.workflowInvocations.query
  • dataform.workspaces.commit
  • dataform.workspaces.create
  • dataform.workspaces.delete
  • dataform.workspaces.fetchFileDiff
  • dataform.workspaces.fetchFileGitStatuses
  • dataform.workspaces.fetchGitAheadBehind
  • dataform.workspaces.get
  • dataform.workspaces.getIamPolicy
  • dataform.workspaces.installNpmPackages
  • dataform.workspaces.list
  • dataform.workspaces.makeDirectory
  • dataform.workspaces.moveDirectory
  • dataform.workspaces.moveFile
  • dataform.workspaces.pull
  • dataform.workspaces.push
  • dataform.workspaces.queryDirectoryContents
  • dataform.workspaces.readFile
  • dataform.workspaces.removeDirectory
  • dataform.workspaces.removeFile
  • dataform.workspaces.reset
  • dataform.workspaces.searchFiles
  • dataform.workspaces.setIamPolicy
  • dataform.workspaces.writeFile

dataplex.projects.search

dataproc.batches.*

  • dataproc.batches.analyze
  • dataproc.batches.cancel
  • dataproc.batches.create
  • dataproc.batches.delete
  • dataproc.batches.get
  • dataproc.batches.list
  • dataproc.batches.sparkApplicationRead
  • dataproc.batches.sparkApplicationWrite

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

  • dataproc.sessionTemplates.create
  • dataproc.sessionTemplates.delete
  • dataproc.sessionTemplates.get
  • dataproc.sessionTemplates.list
  • dataproc.sessionTemplates.update

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.studioUser)

Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User, Gemini for Google Cloud User, and Dataproc Serverless Editor.

Lowest-level resources where you can grant this role:

  • Saved query
  • Data canvas
  • Data preparation
  • Pipeline
  • Repository

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

aiplatform.notebookRuntimeTemplates.apply

aiplatform.notebookRuntimeTemplates.get

aiplatform.notebookRuntimeTemplates.getIamPolicy

aiplatform.notebookRuntimeTemplates.list

aiplatform.notebookRuntimes.assign

aiplatform.notebookRuntimes.get

aiplatform.notebookRuntimes.list

aiplatform.operations.list

bigquery.config.get

bigquery.jobs.create

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

cloudaicompanion.companions.*

  • cloudaicompanion.companions.generateChat
  • cloudaicompanion.companions.generateCode

cloudaicompanion.entitlements.get

cloudaicompanion.instances.*

  • cloudaicompanion.instances.completeCode
  • cloudaicompanion.instances.completeTask
  • cloudaicompanion.instances.exportMetrics
  • cloudaicompanion.instances.generateCode
  • cloudaicompanion.instances.generateText
  • cloudaicompanion.instances.queryEffectiveSetting
  • cloudaicompanion.instances.queryEffectiveSettingBindings

cloudaicompanion.licenses.selfAssign

cloudaicompanion.operations.get

cloudaicompanion.topics.create

compute.projects.get

compute.regions.*

  • compute.regions.get
  • compute.regions.list

compute.zones.*

  • compute.zones.get
  • compute.zones.list

dataform.commentThreads.get

dataform.commentThreads.list

dataform.comments.get

dataform.comments.list

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

dataplex.projects.search

dataproc.batches.*

  • dataproc.batches.analyze
  • dataproc.batches.cancel
  • dataproc.batches.create
  • dataproc.batches.delete
  • dataproc.batches.get
  • dataproc.batches.list
  • dataproc.batches.sparkApplicationRead
  • dataproc.batches.sparkApplicationWrite

dataproc.operations.cancel

dataproc.operations.delete

dataproc.operations.get

dataproc.operations.list

dataproc.sessionTemplates.*

  • dataproc.sessionTemplates.create
  • dataproc.sessionTemplates.delete
  • dataproc.sessionTemplates.get
  • dataproc.sessionTemplates.list
  • dataproc.sessionTemplates.update

dataproc.sessions.*

  • dataproc.sessions.create
  • dataproc.sessions.delete
  • dataproc.sessions.get
  • dataproc.sessions.list
  • dataproc.sessions.sparkApplicationRead
  • dataproc.sessions.sparkApplicationWrite
  • dataproc.sessions.terminate

dataprocrm.nodePools.*

  • dataprocrm.nodePools.create
  • dataprocrm.nodePools.delete
  • dataprocrm.nodePools.deleteNodes
  • dataprocrm.nodePools.get
  • dataprocrm.nodePools.list
  • dataprocrm.nodePools.resize

dataprocrm.nodes.get

dataprocrm.nodes.heartbeat

dataprocrm.nodes.list

dataprocrm.nodes.update

dataprocrm.operations.get

dataprocrm.operations.list

dataprocrm.workloads.*

  • dataprocrm.workloads.cancel
  • dataprocrm.workloads.create
  • dataprocrm.workloads.delete
  • dataprocrm.workloads.get
  • dataprocrm.workloads.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/bigquery.user)

When granted on a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset.

When granted on a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner) on these new datasets.

Lowest-level resources where you can grant this role:

  • Dataset
  • These resources within a dataset:
    • Routine

This role can also be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.bireservations.get

bigquery.capacityCommitments.get

bigquery.capacityCommitments.list

bigquery.config.get

bigquery.datasets.create

bigquery.datasets.get

bigquery.datasets.getIamPolicy

bigquery.jobs.create

bigquery.jobs.list

bigquery.models.list

bigquery.readsessions.*

  • bigquery.readsessions.create
  • bigquery.readsessions.getData
  • bigquery.readsessions.update

bigquery.reservationAssignments.list

bigquery.reservationAssignments.search

bigquery.reservations.get

bigquery.reservations.list

bigquery.reservations.listFailoverDatasets

bigquery.reservations.use

bigquery.routines.list

bigquery.savedqueries.get

bigquery.savedqueries.list

bigquery.tables.list

bigquery.transfers.get

bigquerymigration.translation.translate

cloudkms.keyHandles.*

  • cloudkms.keyHandles.create
  • cloudkms.keyHandles.get
  • cloudkms.keyHandles.list

cloudkms.operations.get

cloudkms.projects.showEffectiveAutokeyConfig

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Connection API roles

This table lists the IAM roles and permissions for BigQuery Connection API. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigqueryconnection.serviceAgent)

Gives BigQuery Connection Service access to Cloud SQL instances in user projects.

cloudsql.instances.connect

cloudsql.instances.get

logging.logEntries.create

logging.logEntries.route

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

BigQuery Continuous Query roles

This table lists the IAM roles and permissions for BigQuery Continuous Query. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigquerycontinuousquery.serviceAgent)

Gives BigQuery Continuous Query access to the service accounts in the user project.

iam.serviceAccounts.getAccessToken

BigQuery Data Policy roles

This table lists the IAM roles and permissions for BigQuery Data Policy. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigquerydatapolicy.admin)

Role for managing Data Policies in BigQuery

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

(roles/bigquerydatapolicy.maskedReader)

Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.dataPolicies.maskedGet

(roles/bigquerydatapolicy.rawDataReader)

Raw read access to sub-resources associated with a data policy, for example, BigQuery columns

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.dataPolicies.getRawData

(roles/bigquerydatapolicy.viewer)

Role for viewing Data Policies in BigQuery

This role can only be granted on Resource Manager resources (projects, folders, and organizations).

bigquery.dataPolicies.get

bigquery.dataPolicies.list

BigQuery Data Transfer Service roles

This table lists the IAM roles and permissions for BigQuery Data Transfer Service. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigquerydatatransfer.serviceAgent)

Gives BigQuery Data Transfer Service access to start BigQuery jobs in consumer project.

bigquery.config.get

bigquery.jobs.create

compute.networkAttachments.get

compute.networkAttachments.update

compute.regionOperations.get

compute.subnetworks.use

dataform.locations.*

  • dataform.locations.get
  • dataform.locations.list

dataform.repositories.create

dataform.repositories.list

iam.serviceAccounts.getAccessToken

logging.logEntries.create

logging.logEntries.route

resourcemanager.projects.get

resourcemanager.projects.list

serviceusage.services.use

This table lists the IAM roles and permissions for BigQuery Engine for Apache Flink. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/managedflink.admin)

Full access to Managed Flink resources.

managedflink.*

  • managedflink.deployments.create
  • managedflink.deployments.delete
  • managedflink.deployments.get
  • managedflink.deployments.list
  • managedflink.deployments.update
  • managedflink.jobs.create
  • managedflink.jobs.delete
  • managedflink.jobs.get
  • managedflink.jobs.list
  • managedflink.jobs.update
  • managedflink.locations.get
  • managedflink.locations.list
  • managedflink.operations.cancel
  • managedflink.operations.delete
  • managedflink.operations.get
  • managedflink.operations.list
  • managedflink.sessions.create
  • managedflink.sessions.delete
  • managedflink.sessions.get
  • managedflink.sessions.list
  • managedflink.sessions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedflink.developer)

Full access to Managed Flink Jobs and Sessions and read access to Deployments.

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.*

  • managedflink.jobs.create
  • managedflink.jobs.delete
  • managedflink.jobs.get
  • managedflink.jobs.list
  • managedflink.jobs.update

managedflink.locations.*

  • managedflink.locations.get
  • managedflink.locations.list

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.*

  • managedflink.sessions.create
  • managedflink.sessions.delete
  • managedflink.sessions.get
  • managedflink.sessions.list
  • managedflink.sessions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/managedflink.serviceAgent)

Gives Managed Flink Service Agent access to Cloud Platform resources.

compute.networkAttachments.create

compute.networkAttachments.delete

compute.networkAttachments.get

compute.networkAttachments.list

compute.networkAttachments.update

compute.networks.get

compute.networks.list

compute.regionOperations.get

compute.subnetworks.get

compute.subnetworks.list

compute.subnetworks.use

dns.networks.targetWithPeeringZone

managedkafka.clusters.get

managedkafka.clusters.list

managedkafka.clusters.update

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

  • monitoring.monitoredResourceDescriptors.get
  • monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

serviceusage.services.use

storage.objects.get

(roles/managedflink.viewer)

Readonly access to Managed Flink resources.

managedflink.deployments.get

managedflink.deployments.list

managedflink.jobs.get

managedflink.jobs.list

managedflink.locations.*

  • managedflink.locations.get
  • managedflink.locations.list

managedflink.operations.get

managedflink.operations.list

managedflink.sessions.get

managedflink.sessions.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery Migration Service roles

This table lists the IAM roles and permissions for BigQuery Migration Service. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigquerymigration.editor)

Editor of EDW migration workflows.

bigquerymigration.subtasks.*

  • bigquerymigration.subtasks.get
  • bigquerymigration.subtasks.list

bigquerymigration.workflows.create

bigquerymigration.workflows.delete

bigquerymigration.workflows.enableAiOutputTypes

bigquerymigration.workflows.enableLineageOutputTypes

bigquerymigration.workflows.enableOutputTypePermissions

bigquerymigration.workflows.get

bigquerymigration.workflows.list

bigquerymigration.workflows.update

(roles/bigquerymigration.orchestrator)

Orchestrator of EDW migration tasks.

bigquerymigration.workflows.orchestrateTask

storage.objects.list

(roles/bigquerymigration.translationUser)

User of EDW migration interactive SQL translation service.

bigquerymigration.translation.translate

(roles/bigquerymigration.viewer)

Viewer of EDW migration MigrationWorkflow.

bigquerymigration.subtasks.*

  • bigquerymigration.subtasks.get
  • bigquerymigration.subtasks.list

bigquerymigration.workflows.get

bigquerymigration.workflows.list

(roles/bigquerymigration.worker)

Worker that executes EDW migration subtasks.

storage.objects.create

storage.objects.get

storage.objects.list

BigQuery Omni roles

This table lists the IAM roles and permissions for BigQuery Omni. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/bigqueryomni.serviceAgent)

Gives BigQuery Omni access to tables in user projects.

bigquery.jobs.create

bigquery.tables.updateData

BigQuery sharing roles

This table lists the IAM roles and permissions for BigQuery sharing. To search through all roles and permissions, see the role and permission index.

Role Permissions

(roles/analyticshub.admin)

Administer Data Exchanges and Listings

analyticshub.dataExchanges.create

analyticshub.dataExchanges.delete

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.dataExchanges.setIamPolicy

analyticshub.dataExchanges.update

analyticshub.dataExchanges.viewSubscriptions

analyticshub.listings.create

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

analyticshub.listings.viewSubscriptions

analyticshub.subscriptions.*

  • analyticshub.subscriptions.create
  • analyticshub.subscriptions.delete
  • analyticshub.subscriptions.get
  • analyticshub.subscriptions.list
  • analyticshub.subscriptions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.listingAdmin)

Grants full control over the Listing, including updating, deleting and setting ACLs

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.delete

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.setIamPolicy

analyticshub.listings.update

analyticshub.listings.viewSubscriptions

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.publisher)

Can publish to Data Exchanges thus creating Listings

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.create

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.subscriber)

Can browse Data Exchanges and subscribe to Listings

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.dataExchanges.subscribe

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.listings.subscribe

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.subscriptionOwner)

Grants full control over the Subscription, including updating and deleting

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

analyticshub.subscriptions.*

  • analyticshub.subscriptions.create
  • analyticshub.subscriptions.delete
  • analyticshub.subscriptions.get
  • analyticshub.subscriptions.list
  • analyticshub.subscriptions.update

resourcemanager.projects.get

resourcemanager.projects.list

(roles/analyticshub.viewer)

Can browse Data Exchanges and Listings

analyticshub.dataExchanges.get

analyticshub.dataExchanges.getIamPolicy

analyticshub.dataExchanges.list

analyticshub.listings.get

analyticshub.listings.getIamPolicy

analyticshub.listings.list

resourcemanager.projects.get

resourcemanager.projects.list

BigQuery permissions

The following tables list the permissions available in BigQuery. These are included in predefined roles and can be used in custom role definitions. To search through all roles and permissions, see the role and permission index.

BigQuery permissions

This table lists the IAM permissions for BigQuery and the roles that include them. To search through all roles and permissions, see the role and permission index.

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Assured Workloads Administrator (roles/assuredworkloads.admin)

Assured Workloads Editor (roles/assuredworkloads.editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Connection User (roles/bigquery.connectionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Viewer (roles/datacatalog.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Connection User (roles/bigquery.connectionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Connection User (roles/bigquery.connectionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Tag Editor (roles/datacatalog.tagEditor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Connection Admin (roles/bigquery.connectionAdmin)

BigQuery Connection User (roles/bigquery.connectionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

BigQuery Data Policy Viewer (roles/bigquerydatapolicy.viewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Raw Data Reader (roles/bigquerydatapolicy.rawDataReader)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

BigQuery Data Policy Viewer (roles/bigquerydatapolicy.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Masked Reader (roles/bigquerydatapolicy.maskedReader)

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Data Policy Admin (roles/bigquerydatapolicy.admin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

SLZ BQDW Blueprint Project Level Remediator (roles/securedlandingzone.bqdwProjectRemediator)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Tag Editor (roles/datacatalog.tagEditor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Job User (roles/bigquery.jobUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Tag Editor (roles/datacatalog.tagEditor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery ObjectRef Admin (roles/bigquery.objectRefAdmin)

BigQuery ObjectRef Reader (roles/bigquery.objectRefReader)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery ObjectRef Admin (roles/bigquery.objectRefAdmin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Read Session User (roles/bigquery.readSessionUser)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery Studio User (roles/bigquery.studioUser)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Resource Viewer (roles/bigquery.resourceViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Resource Admin (roles/bigquery.resourceAdmin)

BigQuery Resource Editor (roles/bigquery.resourceEditor)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Tag Editor (roles/datacatalog.tagEditor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

BigQuery Filtered Data Viewer (roles/bigquery.filteredDataViewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Viewer (roles/datacatalog.viewer)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Metadata Viewer (roles/bigquery.metadataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Reader (roles/dataplex.storageDataReader)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Tag User (roles/resourcemanager.tagUser)

Tag Viewer (roles/resourcemanager.tagViewer)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Data Viewer (roles/bigquery.dataViewer)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

Owner (roles/owner)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Security Admin (roles/iam.securityAdmin)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Dataplex Storage Data Owner (roles/dataplex.storageDataOwner)

Dataplex Storage Data Writer (roles/dataplex.storageDataWriter)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

BigQuery Admin (roles/bigquery.admin)

BigQuery Data Editor (roles/bigquery.dataEditor)

BigQuery Data Owner (roles/bigquery.dataOwner)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Data Catalog Admin (roles/datacatalog.admin)

Data Catalog Tag Editor (roles/datacatalog.tagEditor)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

Service agent roles

BigQuery Connection API permissions

There are no IAM permissions for this service.

BigQuery Continuous Query permissions

There are no IAM permissions for this service.

BigQuery Data Policy permissions

There are no IAM permissions for this service.

BigQuery Data Transfer Service permissions

There are no IAM permissions for this service.

This table lists the IAM permissions for BigQuery Engine for Apache Flink and the roles that include them. To search through all roles and permissions, see the role and permission index.

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

Managed Flink Viewer (roles/managedflink.viewer)

Owner (roles/owner)

Editor (roles/editor)

Managed Flink Admin (roles/managedflink.admin)

Managed Flink Developer (roles/managedflink.developer)

BigQuery Migration Service permissions

This table lists the IAM permissions for BigQuery Migration Service and the roles that include them. To search through all roles and permissions, see the role and permission index.

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

MigrationWorkflow Viewer (roles/bigquerymigration.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

MigrationWorkflow Viewer (roles/bigquerymigration.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

BigQuery Admin (roles/bigquery.admin)

BigQuery Studio Admin (roles/bigquery.studioAdmin)

BigQuery User (roles/bigquery.user)

Migration Translation User (roles/bigquerymigration.translationUser)

DLP Organization Data Profiles Driver (roles/dlp.orgdriver)

DLP Project Data Profiles Driver (roles/dlp.projectdriver)

Service agent roles

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

MigrationWorkflow Viewer (roles/bigquerymigration.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

MigrationWorkflow Viewer (roles/bigquerymigration.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Task Orchestrator (roles/bigquerymigration.orchestrator)

Owner (roles/owner)

Editor (roles/editor)

MigrationWorkflow Editor (roles/bigquerymigration.editor)

BigQuery Omni permissions

There are no IAM permissions for this service.

BigQuery sharing permissions

This table lists the IAM permissions for BigQuery sharing and the roles that include them. To search through all roles and permissions, see the role and permission index.

Permission Included in roles

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Analytics Hub Admin (roles/analyticshub.admin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Owner (roles/owner)

Analytics Hub Admin (roles/analyticshub.admin)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Analytics Hub Publisher (roles/analyticshub.publisher)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Analytics Hub Viewer (roles/analyticshub.viewer)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Security Admin (roles/iam.securityAdmin)

Owner (roles/owner)

Analytics Hub Subscriber (roles/analyticshub.subscriber)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Owner (roles/owner)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Listing Admin (roles/analyticshub.listingAdmin)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Security Admin (roles/iam.securityAdmin)

Security Reviewer (roles/iam.securityReviewer)

Owner (roles/owner)

Editor (roles/editor)

Analytics Hub Admin (roles/analyticshub.admin)

Analytics Hub Subscription Owner (roles/analyticshub.subscriptionOwner)

Permissions for BigQuery ML tasks

The following table describes the permissions needed for common BigQuery ML tasks.

Permission Description
bigquery.jobs.create
bigquery.models.create
bigquery.models.getData
bigquery.models.updateData
Create a new model using CREATE MODEL statement
bigquery.jobs.create
bigquery.models.create
bigquery.models.getData
bigquery.models.updateData
bigquery.models.updateMetadata
Replace an existing model using CREATE OR REPLACE MODEL statement
bigquery.models.delete Delete model using models.delete API
bigquery.jobs.create
bigquery.models.delete
Delete model using DROP MODEL statement
bigquery.models.getMetadata Get model metadata using models.get API
bigquery.models.list List models and metadata on models using models.list API
bigquery.models.updateMetadata Update model metadata using models.delete API. If setting or updating a non-zero expiration time for Model, bigquery.models.delete permission is also needed
bigquery.jobs.create
bigquery.models.getData
Perform evaluation, prediction and model and feature inspections using functions such as ML.EVALUATE, ML.PREDICT, ML.TRAINING_INFO, and ML.WEIGHTS.
bigquery.jobs.create
bigquery.models.export
Export a model
bigquery.models.updateTag Update Data Catalog tags for a model.

What's next