이 페이지는 Cloud Translation API를 통해 번역되었습니다.

Dataplex IAM 역할
컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

Dataplex는 여러 Identity and Access Management(IAM) 역할을 정의합니다. 사전 정의된 각 역할에는 주 구성원이 특정 작업을 수행할 수 있게 허용하는 IAM 권한 집합이 포함되어 있습니다. IAM 정책을 사용하여 주 구성원에게 하나 이상의 IAM 역할을 부여할 수 있습니다.

IAM은 맞춤설정된 역할을 만드는 기능도 제공합니다. 커스텀 IAM 역할을 생성하고 역할에 하나 이상의 권한을 할당할 수 있습니다. 그런 다음 주 구성원에게 새 역할을 부여할 수 있습니다. 사용 가능한 미리 정의된 역할 외에도 커스텀 역할을 사용하면 필요에 따라 액세스 제어 모델을 만들 수 있습니다.

이 문서에서는 Dataplex와 관련된 IAM 역할을 설명합니다.

IAM과 그 기능에 대한 자세한 설명은 IAM 문서를 참조하세요.

Dataplex 역할 정보

Dataplex IAM 역할은 하나 이상의 권한이 포함된 번들입니다. 주 구성원이 프로젝트에서 Dataplex 리소스에 대한 작업을 수행할 수 있도록 역할을 부여합니다. 예를 들어 Dataplex 뷰어 역할에는 사용자가 프로젝트의 Dataplex 리소스를 가져오고 나열할 수 있는 dataplex.*.get 및 dataplex.*.list 권한이 포함됩니다. 자세한 내용은 Dataplex 권한을 참고하세요.

프로젝트, 레이크, 데이터 영역 등의 서비스 계층 구조에 있는 모든 리소스에 Dataplex 역할을 적용할 수 있습니다.

기본 역할

IAM 프로젝트 역할을 사용하여 프로젝트 수준에서 기본 역할을 할당할 수 있습니다. 다음은 IAM 프로젝트 역할과 연결된 권한 목록입니다.

프로젝트 역할	권한
프로젝트 소유자	모든 프로젝트 편집자 권한에 더해 프로젝트에 대한 액세스 제어를 관리하고(IamPolicy 가져오기/설정) 프로젝트 결제를 설정하는 권한
프로젝트 편집자	모든 프로젝트 뷰어 권한에 더해 상태를 수정하는 작업에 대한 모든 프로젝트 권한(만들기, 삭제, 업데이트, 사용)
프로젝트 뷰어	상태를 보존하는 읽기 전용 작업에 대한 모든 프로젝트 권한(가져오기, 표시)

Dataplex의 사전 정의된 역할

사전 정의된 역할에는 태스크 또는 관련 태스크 그룹을 수행하는 데 필요한 권한이 포함되어 있습니다.

다음에 유의하세요.

Dataplex 관리자, Dataplex 편집자, Dataplex 뷰어 역할은 Dataplex 카탈로그 리소스에 대한 액세스 권한을 제공하지 않습니다.
@bigquery 및 @dataplex와 같은 시스템 정의 항목 그룹에서 Dataplex 카탈로그 항목을 추가하거나 삭제할 권한을 부여하는 역할은 없습니다.
Dataplex 항목 소유자 역할에는 다음이 포함됩니다.
- 항목 관련 작업에 대한 전체 액세스 권한을 부여합니다.
- Schema, Generic, Overview, Contacts와 같은 일부 시스템 관점 유형의 관점을 추가할 권한을 부여합니다.
- GenericEntry 유형의 항목을 만들 수 있는 권한을 부여합니다.
- 이 역할을 사용하면 항목 유형과 관점 유형이 항목과 동일한 프로젝트에 정의된 항목 유형과 관점 유형으로 항목을 만들 수 있습니다. 그 외의 경우에는 항목 유형과 관점 유형이 정의된 프로젝트에 대한 Dataplex 항목 유형 사용자 및 Dataplex 관점 유형 사용자 역할이 추가로 부여되어야 합니다.
- LookupEntry 메서드 또는 SearchEntries 메서드를 사용하는 경우 이 역할은 BigQuery 항목과 같이 Dataplex 외부의Google Cloud 리소스에서 생성된 항목을 읽는 권한을 부여하지 않습니다. 이러한 항목을 읽으려면 소스 시스템 리소스에 대한 권한을 부여받아야 합니다. 또는 GetEntry 메서드를 사용하여 Dataplex 항목 소유자 역할만으로 항목을 읽을 수 있습니다.
SearchEntries 메서드를 사용하여 항목을 검색하려면 API 요청에 사용되는 프로젝트의 Dataplex 카탈로그 IAM 역할 중 하나 이상을 부여받아야 합니다. 검색 결과에 대한 권한은 선택한 프로젝트와는 별도로 확인됩니다.

다음 표에는 Dataplex의 사전 정의된 역할 및 각 역할과 연결된 권한이 나와 있습니다.

Role Permissions

Role	Permissions
Dataplex Administrator (`roles/dataplex.admin`) Full access to Dataplex resources, except Dataplex Catalog.	`cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.setIamPolicy` `dataplex.assets.update` `dataplex.content.` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.dataAttributeBindings.` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update` `dataplex.datascans.` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.encryptionConfig.` `dataplex.encryptionConfig.create` `dataplex.encryptionConfig.delete` `dataplex.encryptionConfig.get` `dataplex.encryptionConfig.list` `dataplex.encryptionConfig.update` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.entryGroups.export` `dataplex.entryGroups.import` `dataplex.environments.` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.setIamPolicy` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.setIamPolicy` `dataplex.lakes.update` `dataplex.locations.` `dataplex.locations.get` `dataplex.locations.list` `dataplex.metadataJobs.` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.tasks.` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.setIamPolicy` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.*` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.setIamPolicy` `dataplex.zones.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.*` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Binding Administrator (`roles/dataplex.bindingAdmin`) Full access on DataAttribute Bindig resources.	`dataplex.dataAttributeBindings.*` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update`
Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Has full access to Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Has write access to Catalog resources. Cannot set IAM policies on resources	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.*` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Data Owner (`roles/dataplex.dataOwner`) Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.ownData` `dataplex.assets.readData` `dataplex.assets.writeData`
Dataplex Data Reader (`roles/dataplex.dataReader`) Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.readData`
Dataplex DataScan Administrator (`roles/dataplex.dataScanAdmin`) Full access to DataScan resources.	`dataplex.datascans.*` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Creator (`roles/dataplex.dataScanCreator`) Access to create new DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.get` `dataplex.datascans.list` `dataplex.operations.get`
Dataplex DataScan DataViewer (`roles/dataplex.dataScanDataViewer`) Read access to DataScan resources and additional contents.	`dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex DataScan Editor (`roles/dataplex.dataScanEditor`) Write access to DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Viewer (`roles/dataplex.dataScanViewer`) Read access to DataScan resources.	`dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex Data Writer (`roles/dataplex.dataWriter`) Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.writeData`
Dataplex Developer (`roles/dataplex.developer`) Allows running data analytics workloads in a lake.	`dataplex.content.*` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update`
Dataplex Editor (`roles/dataplex.editor`) Write access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.update` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.update` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.update` `dataplex.operations.*` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.update`
Dataplex Encryption Admin (`roles/dataplex.encryptionAdmin`) Gives user permissions to manage encryption config.	`dataplex.encryptionConfig.*` `dataplex.encryptionConfig.create` `dataplex.encryptionConfig.delete` `dataplex.encryptionConfig.get` `dataplex.encryptionConfig.list` `dataplex.encryptionConfig.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex Entry Group Exporter ^Beta (`roles/dataplex.entryGroupExporter`) Grants access to export this entry group for Metadata Job processing.	`dataplex.entryGroups.export` `dataplex.entryGroups.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Importer (`roles/dataplex.entryGroupImporter`) Grants access to import this entry group for Metadata Job processing.	`dataplex.entryGroups.get` `dataplex.entryGroups.import` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Owns Entry Groups and Entries inside of them.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry and EntryLink Owner (`roles/dataplex.entryOwner`) Owns Metadata Entries and EntryLinks.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.*` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.*` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type User (`roles/dataplex.entryTypeUser`) Grants access to use Entry Types to create/modify Entries of those types.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Owner (`roles/dataplex.metadataJobOwner`) Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.	`dataplex.metadataJobs.*` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Viewer (`roles/dataplex.metadataJobViewer`) Read access to Metadata Job resources.	`dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Reader (`roles/dataplex.metadataReader`) Read only access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.get` `dataplex.entities.list` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Writer (`roles/dataplex.metadataWriter`) Write and Read access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Security Administrator (`roles/dataplex.securityAdmin`) Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.	`dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess`
Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.tables.create` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Storage Data Writer (`roles/dataplex.storageDataWriter`) Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.tables.updateData` `storage.objects.create` `storage.objects.delete` `storage.objects.update`
Dataplex Taxonomy Administrator (`roles/dataplex.taxonomyAdmin`) Full access to DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.*` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update`
Dataplex Taxonomy Viewer (`roles/dataplex.taxonomyViewer`) Read access on DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list`
Dataplex Viewer (`roles/dataplex.viewer`) Read access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.lakeActions.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.zoneActions.list` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list`

Dataplex Administrator

(roles/dataplex.admin)

Full access to Dataplex resources, except Dataplex Catalog.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.setIamPolicy

dataplex.assets.update

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.*

dataplex.dataTaxonomies.configureDataAccess
dataplex.dataTaxonomies.configureResourceAccess
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.dataTaxonomies.getIamPolicy
dataplex.dataTaxonomies.list
dataplex.dataTaxonomies.setIamPolicy
dataplex.dataTaxonomies.update

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.encryptionConfig.*

dataplex.encryptionConfig.create
dataplex.encryptionConfig.delete
dataplex.encryptionConfig.get
dataplex.encryptionConfig.list
dataplex.encryptionConfig.update

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.entryGroups.export

dataplex.entryGroups.import

dataplex.environments.*

dataplex.environments.create
dataplex.environments.delete
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.getIamPolicy
dataplex.environments.list
dataplex.environments.setIamPolicy
dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.*

dataplex.lakes.create
dataplex.lakes.delete
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.lakes.setIamPolicy
dataplex.lakes.update

dataplex.locations.*

dataplex.locations.get
dataplex.locations.list

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.tasks.*

dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.setIamPolicy
dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.*

dataplex.zones.create
dataplex.zones.delete
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list
dataplex.zones.setIamPolicy
dataplex.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type Owner

(roles/dataplex.aspectTypeOwner)

Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type User

(roles/dataplex.aspectTypeUser)

Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Binding Administrator

(roles/dataplex.bindingAdmin)

Full access on DataAttribute Bindig resources.

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

Dataplex Catalog Admin

(roles/dataplex.catalogAdmin)

Has full access to Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Editor

(roles/dataplex.catalogEditor)

Has write access to Catalog resources. Cannot set IAM policies on resources

datacatalog.migrationConfig.get

dataplex.aspectTypes.create

dataplex.aspectTypes.delete

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.aspectTypes.update

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.create

dataplex.entryGroups.delete

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryGroups.update

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.create

dataplex.entryTypes.delete

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.entryTypes.update

dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Viewer

(roles/dataplex.catalogViewer)

Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Data Owner

(roles/dataplex.dataOwner)

Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.ownData

dataplex.assets.readData

dataplex.assets.writeData

Dataplex Data Reader

(roles/dataplex.dataReader)

Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.readData

Dataplex DataScan Administrator

(roles/dataplex.dataScanAdmin)

Full access to DataScan resources.

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Creator

(roles/dataplex.dataScanCreator)

Access to create new DataScan resources.

dataplex.datascans.create

dataplex.datascans.get

dataplex.datascans.list

dataplex.operations.get

Dataplex DataScan DataViewer

(roles/dataplex.dataScanDataViewer)

Read access to DataScan resources and additional contents.

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex DataScan Editor

(roles/dataplex.dataScanEditor)

Write access to DataScan resources.

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Viewer

(roles/dataplex.dataScanViewer)

Read access to DataScan resources.

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex Data Writer

(roles/dataplex.dataWriter)

Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.writeData

Dataplex Developer

(roles/dataplex.developer)

Allows running data analytics workloads in a lake.

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

Dataplex Editor

(roles/dataplex.editor)

Write access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.update

dataplex.content.delete

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.create

dataplex.dataAttributeBindings.delete

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributeBindings.update

dataplex.dataAttributes.bind

dataplex.dataAttributes.create

dataplex.dataAttributes.delete

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataAttributes.update

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.update

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.environments.create

dataplex.environments.delete

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.create

dataplex.lakes.delete

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.lakes.update

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.create

dataplex.zones.delete

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

dataplex.zones.update

Dataplex Encryption Admin

(roles/dataplex.encryptionAdmin)

Gives user permissions to manage encryption config.

dataplex.encryptionConfig.*

dataplex.encryptionConfig.create
dataplex.encryptionConfig.delete
dataplex.encryptionConfig.get
dataplex.encryptionConfig.list
dataplex.encryptionConfig.update

dataplex.operations.get

dataplex.operations.list

Dataplex Entry Group Exporter ^Beta

(roles/dataplex.entryGroupExporter)

Grants access to export this entry group for Metadata Job processing.

dataplex.entryGroups.export

dataplex.entryGroups.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Importer

(roles/dataplex.entryGroupImporter)

Grants access to import this entry group for Metadata Job processing.

dataplex.entryGroups.get

dataplex.entryGroups.import

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Owner

(roles/dataplex.entryGroupOwner)

Owns Entry Groups and Entries inside of them.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry and EntryLink Owner

(roles/dataplex.entryOwner)

Owns Metadata Entries and EntryLinks.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useSchemaAspect

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type Owner

(roles/dataplex.entryTypeOwner)

Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type User

(roles/dataplex.entryTypeUser)

Grants access to use Entry Types to create/modify Entries of those types.

datacatalog.migrationConfig.get

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Owner

(roles/dataplex.metadataJobOwner)

Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Viewer

(roles/dataplex.metadataJobViewer)

Read access to Metadata Job resources.

dataplex.metadataJobs.get

dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Reader

(roles/dataplex.metadataReader)

Read only access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.get

dataplex.entities.list

dataplex.partitions.get

dataplex.partitions.list

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Writer

(roles/dataplex.metadataWriter)

Write and Read access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Security Administrator

(roles/dataplex.securityAdmin)

Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

Dataplex Storage Data Owner

(roles/dataplex.storageDataOwner)

Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.routines.create

bigquery.routines.delete

bigquery.routines.get

bigquery.routines.list

bigquery.routines.update

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Dataplex Storage Data Reader

(roles/dataplex.storageDataReader)

Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Storage Data Writer

(roles/dataplex.storageDataWriter)

Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.tables.updateData

storage.objects.create

storage.objects.delete

storage.objects.update

Dataplex Taxonomy Administrator

(roles/dataplex.taxonomyAdmin)

Full access to DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.setIamPolicy

dataplex.dataTaxonomies.update

Dataplex Taxonomy Viewer

(roles/dataplex.taxonomyViewer)

Read access on DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

Dataplex Viewer

(roles/dataplex.viewer)

Read access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.lakeActions.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.operations.get

dataplex.operations.list

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.zoneActions.list

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

데이터 계보의 사전 정의된 역할

Dataplex 카탈로그 항목의 계보에 액세스하려면 Dataplex의 항목에 액세스해야 합니다. Dataplex 카탈로그 항목에 액세스하려면 해당 시스템 리소스 또는 Dataplex 카탈로그 항목이 저장된 프로젝트의 Dataplex 카탈로그 뷰어 역할(roles/dataplex.catalogViewer)에 대한 뷰어 역할이 필요합니다. 이 섹션에서는 계보를 보는 데 필요한 역할을 설명합니다.

계보 뷰어 역할

데이터 계보 뷰어 역할(roles/datalineage.viewer)을 사용하면 Google Cloud 콘솔에서 Dataplex 계보를 보고 Data Lineage API를 사용하여 계보 정보를 읽을 수 있습니다. 특 프로세스의 실행과 이벤트는 모두 프로세스와 동일한 프로젝트에 저장됩니다. 자동 계보의 경우 프로세스, 실행, 이벤트가 계보를 생성한 작업이 실행되는 프로젝트에 저장됩니다. 예를 들어 BigQuery 작업이 실행 중인 프로젝트일 수 있습니다.

애셋 간의 계보와 애셋 메타데이터를 보려면 다른 역할이 필요합니다. 전자의 경우 데이터 계보 뷰어 역할 (roles/datalineage.viewer)이 필요합니다. 후자의 경우 Dataplex에서 메타데이터 항목에 액세스하는 데 사용되는 것과 동일한 역할이 필요합니다.

두 애셋 간의 계보를 보는 역할

애셋 간의 계보를 보려면 다음 프로젝트에 대한 데이터 계보 뷰어 역할 (roles/datalineage.viewer)이 필요합니다.

계보를 보고 있는 프로젝트(활성 프로젝트라고 함). 즉 Google Cloud 콘솔 상단의 드롭다운에 있는 프로젝트 또는 API 호출이 수행된 프로젝트입니다. 일반적으로 Dataplex Catalog에서 만들거나 API를 사용하여 다른 시스템에서 액세스할 리소스가 포함된 프로젝트입니다. Google Cloud
계보가 기록되는 프로젝트(컴퓨팅 프로젝트라고 함). 계보는 위에서 설명한 대로 해당 프로세스가 실행되는 프로젝트에 저장됩니다. 이 프로젝트는 계보를 보고 있는 애셋을 저장하는 프로젝트와 다를 수 있습니다.

역할 부여에 대한 자세한 내용은 액세스 관리를 참조하세요. 커스텀 역할이나 다른 사전 정의된 역할을 통해 필요한 권한을 얻을 수도 있습니다.

사용 사례에 따라 폴더 또는 조직 수준에서 데이터 계보 뷰어 역할 (roles/datalineage.viewer)을 부여하여 계보에 대한 액세스를 보장합니다 (단일 역할 부여 또는 취소 참조). 데이터 계보에 필요한 역할은 Google Cloud CLI를 통해서만 부여될 수 있습니다.

계보를 볼 때 애셋 메타데이터를 볼 수 있는 역할

애셋에 대한 메타데이터가 Dataplex 카탈로그에 저장되면 해당 시스템 리소스에 대한 뷰어 역할이 있거나 Dataplex 카탈로그 항목이 저장된 프로젝트에 대한 Dataplex 카탈로그 뷰어 역할 (roles/dataplex.catalogViewer)이 있는 경우에만 메타데이터 뷰를 가져올 수 있습니다. 적절한 뷰어 역할을 통해 계보 그래프 또는 목록의 애셋에는 액세스할 수 있지만 이들 사이의 계보에는 액세스할 수 없습니다. 이는 계보가 기록된 프로젝트에 데이터 계보 뷰어 역할 (roles/datalineage.viewer)이 없는 경우입니다. 이 경우 Data Lineage API 및 Google Cloud 콘솔은 계보를 표시하지 않으며 오류를 반환하지 않으므로 계보의 존재 여부에 대한 정보가 유출되지 않습니다. 따라서 애셋의 계보가 없다고 해서 해당 애셋의 계보가 없다는 것이 아니라 단지 해당 계보에 액세스할 수 없을 수 있다는 것을 의미합니다.

데이터 계보 이벤트 제작자 역할

데이터 계보 이벤트 제작자 역할(roles/datalineage.producer)을 사용하면 사용자가 데이터 계보 API를 사용하여 계보 정보를 수동으로 기록할 수 있습니다.

데이터 계보 편집자 역할

데이터 계보 편집자 역할(roles/datalineage.editor)이 있는 사용자는 Data Lineage API를 사용하여 계보 정보를 수동으로 수정할 수 있습니다.

데이터 계보 관리자 역할

데이터 계보 관리자 역할(roles/datalineage.admin)이 있는 사용자는 이 섹션에 나열된 모든 계보 작업을 수행할 수 있습니다.

데이터 역할

Dataplex는 Dataplex에서 관리하는 모든 리소스에 적용되는 다음 IAM 역할을 정의합니다. 각 역할과 관련된 권한에 대한 자세한 내용은 이 문서의 사전 정의된 역할 섹션을 참조하세요.

데이터 역할	기능	사유
Dataplex 데이터 소유자(`roles/dataplex.dataOwner`)	관리형 리소스에 대한 모든 권한입니다. 리소스 유형에 관계없이 모든 하위 리소스에 대한 모든 권한이 포함됩니다.	데이터 소유자는 다양한 기타 권한 외에도 리소스 메타데이터를 업데이트하고, 더 세분화된 권한(예: BigQuery 데이터 세트의 하위 테이블)을 부여하고, 하위 리소스를 만들 수 있습니다. 리소스에 대해 완전한 소유권을 보유합니다.
Dataplex 데이터 리더(`roles/dataplex.dataReader`)	관리형 리소스 및 하위 리소스의 데이터를 읽을 수 있습니다. 또한 관리형 리소스 및 하위 리소스의 메타데이터를 읽을 수 있습니다.	데이터 및 메타데이터를 읽을 수 있는 기능을 사용 설정합니다.
Dataplex 데이터 작성자(`roles/dataplex.dataWriter`)	데이터 만들기/업데이트/삭제가 가능합니다(메타데이터 제외).	핵심적인 Dataplex 사용자 경험을 지원합니다.

Dataplex IAM 역할 컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

Dataplex 역할 정보

기본 역할

Dataplex의 사전 정의된 역할

Dataplex Administrator

Dataplex Aspect Type Owner

Dataplex Aspect Type User

Dataplex Binding Administrator

Dataplex Catalog Admin

Dataplex Catalog Editor

Dataplex Catalog Viewer

Dataplex Data Owner

Dataplex Data Reader

Dataplex DataScan Administrator

Dataplex DataScan Creator

Dataplex DataScan DataViewer

Dataplex DataScan Editor

Dataplex DataScan Viewer

Dataplex Data Writer

Dataplex Developer

Dataplex Editor

Dataplex Encryption Admin

Dataplex Entry Group Exporter Beta

Dataplex Entry Group Importer

Dataplex Entry Group Owner

Dataplex Entry and EntryLink Owner

Dataplex Entry Type Owner

Dataplex Entry Type User

Dataplex Metadata Job Owner

Dataplex Metadata Job Viewer

Dataplex Metadata Reader

Dataplex Metadata Writer

Dataplex Security Administrator

Dataplex Storage Data Owner

Dataplex Storage Data Reader

Dataplex Storage Data Writer

Dataplex Taxonomy Administrator

Dataplex Taxonomy Viewer

Dataplex Viewer

데이터 계보의 사전 정의된 역할

계보 뷰어 역할

두 애셋 간의 계보를 보는 역할

계보를 볼 때 애셋 메타데이터를 볼 수 있는 역할

데이터 계보 이벤트 제작자 역할

데이터 계보 편집자 역할

데이터 계보 관리자 역할

데이터 역할

다음 단계

Dataplex IAM 역할
컬렉션을 사용해 정리하기 내 환경설정을 기준으로 콘텐츠를 저장하고 분류하세요.

Dataplex Entry Group Exporter ^Beta