BigQuery IAM roles and permissions
This document provides a list of Identity and Access Management (IAM) predefined roles and permissions for BigQuery. This page includes roles and permissions for the following:
- BigQuery: Roles and permissions that apply to BigQuery resources such as datasets, tables, views, and routines. Many of these roles and permissions can also be granted to Resource Manager resources like projects, folders, and organizations.
- BigQuery Connection API: Role that grants a service agent access to a Cloud SQL connection.
- BigQuery Continuous Query: Role that grants a service account access to a continuous query.
- BigQuery Data Policy: Roles and permissions that apply to Data Policies in BigQuery.
- BigQuery Data Transfer Service: Role that grants a service agent access to create jobs that transfer data.
- BigQuery Engine for Apache Flink: Roles and permissions that apply to BigQuery Engine for Apache Flink resources.
- BigQuery Migration Service API: Roles and permissions that apply to BigQuery Migration Service resources.
- BigQuery Omni: Role that grants a service agent access to tables.
- BigQuery sharing: Roles and permissions that apply to BigQuery sharing resources.
BigQuery predefined IAM roles
The following tables list the predefined BigQuery IAM roles with a corresponding list of all the permissions each role includes. Note that each permission is applicable to a particular resource type.
BigQuery roles
This table lists the IAM roles and permissions for BigQuery. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Admin( Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Connection Admin(
Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Connection User(
Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Data Editor( When granted on a table or view, this role provides permissions to:
This role cannot be granted to individual models. When granted on a dataset, this role provides permissions to:
The BigQuery Data Editor role is mapped to the
When applied at the project or organization level, this role also lets users create new datasets. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Data Owner( When granted on a table or view, this role provides permissions to:
This role cannot be granted to individual models. When granted on a dataset, this role provides permissions to:
The BigQuery Data Owner role is mapped to the
When applied at the project or organization level, this role can also create new datasets. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Data Viewer( When granted on a table or view, this role provides permissions to:
This role cannot be granted to individual models. When granted on a dataset, this role provides permissions to list all of the resources in the dataset (such as tables, views, snapshots, models, and routines) and to read their data and metadata with applicable APIs and in queries. The BigQuery Data Viewer role is mapped to the
When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Filtered Data Viewer(
Access to view filtered table data defined by a row access policy.
|
|
BigQuery Job User( Provides permissions to run jobs, including queries, within the project. This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Metadata Viewer( When granted on a table or view, this role provides permissions to:
This role cannot be granted to individual models. When granted on a dataset, this role provides permissions to:
When applied at the project or organization level, this role provides permissions to:
Additional roles are necessary to allow the running of jobs. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery ObjectRef Admin( Administer ObjectRef resources that includes read and write permissions Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery ObjectRef Reader( Role for reading referenced objects via ObjectRefs in BigQuery Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Read Session User( Provides the ability to create and use read sessions. This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Resource Admin( Administers BigQuery workloads, including slot assignments, commitments, and reservations. This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Resource Editor( Manages BigQuery workloads, but is unable to create or modify slot commitments. This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Resource Viewer( Can view BigQuery workloads, but cannot create or modify slot reservations or commitments. This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Studio Admin( Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin, Gemini for Google Cloud Settings Admin, and Dataproc Serverless Editor. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Studio User( Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User, Gemini for Google Cloud User, and Dataproc Serverless Editor. Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery User( When granted on a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset. When granted on a project, this role also provides the ability to run jobs, including queries,
within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and
enumerate datasets within a project. Additionally, allows the creation of new datasets within the
project; the creator is granted the BigQuery Data Owner role ( Lowest-level resources where you can grant this role:
This role can also be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Connection API roles
This table lists the IAM roles and permissions for BigQuery Connection API. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Connection Service Agent( Gives BigQuery Connection Service access to Cloud SQL instances in user projects. |
|
BigQuery Continuous Query roles
This table lists the IAM roles and permissions for BigQuery Continuous Query. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Continuous Query Service Agent( Gives BigQuery Continuous Query access to the service accounts in the user project. |
|
BigQuery Data Policy roles
This table lists the IAM roles and permissions for BigQuery Data Policy. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Data Policy Admin( Role for managing Data Policies in BigQuery This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
Masked Reader( Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
Raw Data Reader Beta( Raw read access to sub-resources associated with a data policy, for example, BigQuery columns This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Data Policy Viewer( Role for viewing Data Policies in BigQuery This role can only be granted on Resource Manager resources (projects, folders, and organizations). |
|
BigQuery Data Transfer Service roles
This table lists the IAM roles and permissions for BigQuery Data Transfer Service. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Data Transfer Service Agent( Gives BigQuery Data Transfer Service access to start BigQuery jobs in consumer project. |
|
BigQuery Engine for Apache Flink roles
This table lists the IAM roles and permissions for BigQuery Engine for Apache Flink. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
Managed Flink Admin Beta( Full access to Managed Flink resources. |
|
Managed Flink Developer Beta( Full access to Managed Flink Jobs and Sessions and read access to Deployments. |
|
Managed Flink Service Agent( Gives Managed Flink Service Agent access to Cloud Platform resources. |
|
Managed Flink Viewer Beta( Readonly access to Managed Flink resources. |
|
BigQuery Migration Service roles
This table lists the IAM roles and permissions for BigQuery Migration Service. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
MigrationWorkflow Editor( Editor of EDW migration workflows. |
|
Task Orchestrator( Orchestrator of EDW migration tasks. |
|
Migration Translation User( User of EDW migration interactive SQL translation service. |
|
MigrationWorkflow Viewer( Viewer of EDW migration MigrationWorkflow. |
|
Task Worker( Worker that executes EDW migration subtasks. |
|
BigQuery Omni roles
This table lists the IAM roles and permissions for BigQuery Omni. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
BigQuery Omni Service Agent( Gives BigQuery Omni access to tables in user projects. |
|
BigQuery sharing roles
This table lists the IAM roles and permissions for BigQuery sharing. To search through all roles and permissions, see the role and permission index.
Role | Permissions |
---|---|
Analytics Hub Admin( Administer Data Exchanges and Listings |
|
Analytics Hub Listing Admin( Grants full control over the Listing, including updating, deleting and setting ACLs |
|
Analytics Hub Publisher( Can publish to Data Exchanges thus creating Listings |
|
Analytics Hub Subscriber( Can browse Data Exchanges and subscribe to Listings |
|
Analytics Hub Subscription Owner( Grants full control over the Subscription, including updating and deleting |
|
Analytics Hub Viewer( Can browse Data Exchanges and Listings |
|
BigQuery permissions
The following tables list the permissions available in BigQuery. These are included in predefined roles and can be used in custom role definitions. To search through all roles and permissions, see the role and permission index.
BigQuery permissions
This table lists the IAM permissions for BigQuery and the roles that include them. To search through all roles and permissions, see the role and permission index.
Permission | Included in roles |
---|---|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Job User (
BigQuery Studio Admin (
BigQuery Studio User (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Assured Workloads Administrator (
Assured Workloads Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Connection User (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Viewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Connection User (
BigQuery Studio Admin (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Connection User (
BigQuery Studio Admin (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin (
Security Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Tag Editor (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Connection Admin (
BigQuery Connection User (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin (
BigQuery Data Policy Viewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Raw Data Reader ( |
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin (
BigQuery Data Policy Viewer (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Masked Reader ( |
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin (
Security Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery Data Policy Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
BigQuery User (
Data Catalog Admin (
Data Catalog Viewer (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
SLZ BQDW Blueprint Project Level Remediator ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer (
SLZ BQDW Blueprint Project Level Remediator ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User (
Tag Viewer ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User (
Tag Viewer ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Security Admin (
SLZ BQDW Blueprint Project Level Remediator ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
SLZ BQDW Blueprint Project Level Remediator ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Tag Editor (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Job User (
BigQuery Studio Admin (
BigQuery Studio User (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Viewer (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
BigQuery User (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Tag Editor (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery ObjectRef Admin (
BigQuery ObjectRef Reader (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery ObjectRef Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Read Session User (
BigQuery Studio Admin (
BigQuery Studio User (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Read Session User (
BigQuery Studio Admin (
BigQuery Studio User (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Read Session User (
BigQuery Studio Admin (
BigQuery Studio User (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Resource Viewer (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Resource Admin (
BigQuery Resource Editor (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Viewer (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
BigQuery User (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Tag Editor (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
BigQuery Filtered Data Viewer ( |
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Security Admin (
Security Reviewer ( Service agent roles
|
|
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Security Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Viewer (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Metadata Viewer (
BigQuery Studio Admin (
BigQuery User (
Dataplex Storage Data Owner (
Dataplex Storage Data Reader (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Security Admin (
Security Reviewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User (
Tag Viewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver (
Tag User (
Tag Viewer ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Data Viewer (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin ( Service agent roles
|
|
Owner (
BigQuery Admin (
BigQuery Data Owner (
BigQuery Studio Admin (
Security Admin ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Dataplex Storage Data Owner (
Dataplex Storage Data Writer (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
BigQuery Admin (
BigQuery Data Editor (
BigQuery Data Owner (
BigQuery Studio Admin (
Data Catalog Admin (
Data Catalog Tag Editor (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
Viewer (
BigQuery Admin (
BigQuery Studio Admin (
BigQuery User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin ( Service agent roles
|
BigQuery Connection API permissions
There are no IAM permissions for this service.
BigQuery Continuous Query permissions
There are no IAM permissions for this service.
BigQuery Data Policy permissions
There are no IAM permissions for this service.
BigQuery Data Transfer Service permissions
There are no IAM permissions for this service.
BigQuery Engine for Apache Flink permissions
This table lists the IAM permissions for BigQuery Engine for Apache Flink and the roles that include them. To search through all roles and permissions, see the role and permission index.
Permission | Included in roles |
---|---|
|
Owner (
Editor (
Managed Flink Admin ( |
|
Owner (
Editor (
Managed Flink Admin ( |
|
Owner (
Editor (
Viewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Viewer (
Security Admin (
Security Reviewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Managed Flink Admin ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
|
Owner (
Editor (
Viewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Viewer (
Security Admin (
Security Reviewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
|
Owner (
Editor (
Viewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Viewer (
Security Admin (
Security Reviewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Managed Flink Admin ( |
|
Owner (
Editor (
Managed Flink Admin ( |
|
Owner (
Editor (
Viewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Viewer (
Security Admin (
Security Reviewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
|
Owner (
Editor (
Viewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Viewer (
Security Admin (
Security Reviewer (
Managed Flink Admin (
Managed Flink Developer (
Managed Flink Viewer ( |
|
Owner (
Editor (
Managed Flink Admin (
Managed Flink Developer ( |
BigQuery Migration Service permissions
This table lists the IAM permissions for BigQuery Migration Service and the roles that include them. To search through all roles and permissions, see the role and permission index.
Permission | Included in roles |
---|---|
|
Owner (
Editor (
Viewer (
MigrationWorkflow Editor (
MigrationWorkflow Viewer ( |
|
Owner (
Editor (
Viewer (
MigrationWorkflow Editor (
MigrationWorkflow Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Editor (
BigQuery Admin (
BigQuery Studio Admin (
BigQuery User (
Migration Translation User (
DLP Organization Data Profiles Driver (
DLP Project Data Profiles Driver ( Service agent roles
|
|
Owner (
Editor (
MigrationWorkflow Editor ( |
|
Owner (
Editor (
MigrationWorkflow Editor ( |
|
Owner (
Editor (
MigrationWorkflow Editor ( |
|
Owner (
Editor (
MigrationWorkflow Editor ( |
|
Owner (
Editor (
MigrationWorkflow Editor ( |
|
Owner (
Editor (
Viewer (
MigrationWorkflow Editor (
MigrationWorkflow Viewer ( |
|
Owner (
Editor (
Viewer (
MigrationWorkflow Editor (
MigrationWorkflow Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Task Orchestrator ( |
|
Owner (
Editor (
MigrationWorkflow Editor ( |
BigQuery Omni permissions
There are no IAM permissions for this service.
BigQuery sharing permissions
This table lists the IAM permissions for BigQuery sharing and the roles that include them. To search through all roles and permissions, see the role and permission index.
Permission | Included in roles |
---|---|
|
Owner (
Editor (
Analytics Hub Admin ( |
|
Owner (
Editor (
Analytics Hub Admin ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Analytics Hub Admin (
Security Admin ( |
|
Owner (
Analytics Hub Subscriber ( |
|
Owner (
Editor (
Analytics Hub Admin ( |
|
Owner (
Analytics Hub Admin ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Publisher ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Listing Admin ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Analytics Hub Publisher (
Analytics Hub Subscriber (
Analytics Hub Subscription Owner (
Analytics Hub Viewer (
Security Admin (
Security Reviewer ( |
|
Owner (
Analytics Hub Admin (
Analytics Hub Listing Admin (
Security Admin ( |
|
Owner (
Analytics Hub Subscriber ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Listing Admin ( |
|
Owner (
Analytics Hub Admin (
Analytics Hub Listing Admin ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Subscription Owner ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Subscription Owner ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Subscription Owner ( |
|
Owner (
Editor (
Viewer (
Analytics Hub Admin (
Analytics Hub Subscription Owner (
Security Admin (
Security Reviewer ( |
|
Owner (
Editor (
Analytics Hub Admin (
Analytics Hub Subscription Owner ( |
Permissions for BigQuery ML tasks
The following table describes the permissions needed for common BigQuery ML tasks.
Permission | Description |
---|---|
bigquery.jobs.create bigquery.models.create bigquery.models.getData bigquery.models.updateData |
Create a new model using CREATE MODEL statement |
bigquery.jobs.create bigquery.models.create bigquery.models.getData bigquery.models.updateData bigquery.models.updateMetadata |
Replace an existing model using CREATE OR REPLACE MODEL statement |
bigquery.models.delete |
Delete model using models.delete API |
bigquery.jobs.create bigquery.models.delete |
Delete model using DROP MODEL statement |
bigquery.models.getMetadata |
Get model metadata using models.get API |
bigquery.models.list |
List models and metadata on models using models.list API |
bigquery.models.updateMetadata |
Update model metadata using models.delete API. If setting or updating a non-zero expiration
time for Model, bigquery.models.delete permission is also needed |
bigquery.jobs.create bigquery.models.getData
|
Perform evaluation, prediction and model and feature inspections using functions such as
ML.EVALUATE , ML.PREDICT , ML.TRAINING_INFO , and
ML.WEIGHTS . |
bigquery.jobs.create bigquery.models.export
|
Export a model |
bigquery.models.updateTag |
Update Data Catalog tags for a model. |
What's next
- For more information about assigning roles at the dataset level, see Controlling access to datasets.
- For more information about assigning roles at the table or view level, see Controlling access to tables and views.