本頁面由 Cloud Translation API 翻譯而成。

Dataplex Universal Catalog 身分與存取權管理角色

Dataplex Universal Catalog 定義了多個身分與存取權管理 (IAM) 角色。每個預先定義的角色都包含一組 IAM 權限，可讓主體執行特定動作。您可以使用 IAM 政策，為主體提供一或多個 IAM 角色。

IAM 也提供建立自訂角色的功能。您可以建立自訂身分與存取權管理角色，並為角色指派一或多個權限。接著，您可以授予主體新角色。您可以使用自訂角色，直接根據自己的需求建立存取權控制模型；此外，Google 也提供預先定義的角色。

本文說明與 Dataplex Universal Catalog 相關的 IAM 角色。

如需 IAM 和其功能的詳細說明，請參閱 IAM 說明文件。

關於 Dataplex Universal Catalog 角色

Dataplex Universal Catalog IAM 角色是由一或多個權限組合而成。您為主體授予角色，讓他們能夠對您專案中的 Dataplex Universal Catalog 資源執行動作。舉例來說，Dataplex 檢視者角色包含 dataplex.*.get 和 dataplex.*.list 權限，可讓使用者在專案中取得及列出 Dataplex Universal Catalog 資源。詳情請參閱「Dataplex Universal Catalog 權限」。

您可以將 Dataplex Universal Catalog 角色套用至服務階層中的任何資源，包括專案、湖泊和資料儲存區。

基本角色

您可以使用 IAM 專案角色，在專案層級指派基本角色。以下列出與 IAM 專案角色相關的權限：

專案角色	權限
專案擁有者	所有專案編輯者權限，加上管理專案存取權 (取得/設定 IAM 政策) 及設定專案帳單的權限
專案編輯者	所有專案檢視者權限，加上修改狀態動作的所有專案權限 (建立、刪除、更新、使用)
專案檢視者	保留狀態的唯讀動作的所有專案權限 (取得、表列)

Dataplex Universal Catalog 的預先定義角色

預先定義的角色包含執行工作或一組相關工作所需的權限。

注意事項：

如果您使用 Data Catalog，Data Catalog 項目存取權授權不會自動轉移至 Dataplex Universal Catalog 項目。您必須明確授予 Dataplex Universal Catalog 項目存取權，才能使用這些項目。
Dataplex 管理員、編輯者和檢視者角色無法存取中繼資料資源，例如項目群組、項目類型、切面類型和項目。
任何角色都無法透過系統定義的項目群組 (例如 @bigquery 和 @dataplex) 新增或刪除 Dataplex Universal Catalog 項目。
Dataplex 項目和 EntryLink 擁有者角色包含下列項目：
- 授予與項目相關作業的完整存取權。
- 授予權限，可新增部分系統切面類型 (例如 Schema、Generic、Overview 和 Contacts) 的切面。
- 授予建立 GenericEntry 類型項目的權限。
- 這個角色可讓您建立項目，並指定項目類型和切面類型，其中項目類型和切面類型與項目定義在同一個專案中。否則，必須在定義項目類型和切面類型的專案中，授予額外的 Dataplex 項目類型使用者和 Dataplex 切面類型使用者角色。
- 使用 LookupEntry 方法或 SearchEntries 方法時，這個角色不會授予權限，讓您讀取從 Dataplex Universal Catalog 以外的Google Cloud 資源建立的項目，例如 BigQuery 項目。如要讀取這些項目，您必須獲得來源系統資源的權限。或者，您也可以使用 GetEntry 方法，只讀取具有 Dataplex 項目和 EntryLink 擁有者角色的項目。
如要使用 SearchEntries 方法搜尋項目，您必須在 API 要求中使用的專案中，獲派至少下列其中一個 IAM 角色：Dataplex Catalog 管理員、Dataplex Catalog 編輯者或 Dataplex Catalog 檢視者。系統會檢查搜尋結果的權限，與所選專案無關。

下表列出 Dataplex Universal Catalog 預先定義的角色，以及與各角色相關聯的權限。

Role Permissions

Role	Permissions
Dataplex Administrator (`roles/dataplex.admin`) Full access to Dataplex resources, except Dataplex Catalog.	`cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.setIamPolicy` `dataplex.assets.update` `dataplex.content.` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.dataAttributeBindings.` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update` `dataplex.datascans.` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.entries.link` `dataplex.entryGroups.export` `dataplex.entryGroups.import` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.environments.` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.setIamPolicy` `dataplex.environments.update` `dataplex.glossaries.` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.import` `dataplex.glossaries.list` `dataplex.glossaries.setIamPolicy` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.lakeActions.list` `dataplex.lakes.` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.setIamPolicy` `dataplex.lakes.update` `dataplex.locations.` `dataplex.locations.get` `dataplex.locations.list` `dataplex.metadataJobs.` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.tasks.` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.setIamPolicy` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.setIamPolicy` `dataplex.zones.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.*` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Binding Administrator (`roles/dataplex.bindingAdmin`) Full access on DataAttribute Bindig resources.	`dataplex.dataAttributeBindings.*` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.setIamPolicy` `dataplex.dataAttributeBindings.update`
Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Has full access to Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.glossaries.` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.import` `dataplex.glossaries.list` `dataplex.glossaries.setIamPolicy` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Has write access to Catalog resources. Cannot set IAM policies on resources	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.list` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.*` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryLinks.get` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.list` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Data Owner (`roles/dataplex.dataOwner`) Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.ownData` `dataplex.assets.readData` `dataplex.assets.writeData`
Dataplex Data Reader (`roles/dataplex.dataReader`) Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.readData`
Dataplex DataScan Administrator (`roles/dataplex.dataScanAdmin`) Full access to DataScan resources.	`dataplex.datascans.*` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Creator (`roles/dataplex.dataScanCreator`) Access to create new DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.get` `dataplex.datascans.list` `dataplex.operations.get`
Dataplex DataScan DataViewer (`roles/dataplex.dataScanDataViewer`) Read access to DataScan resources and additional contents.	`dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex DataScan Editor (`roles/dataplex.dataScanEditor`) Write access to DataScan resources.	`dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex DataScan Viewer (`roles/dataplex.dataScanViewer`) Read access to DataScan resources.	`dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list`
Dataplex Data Writer (`roles/dataplex.dataWriter`) Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.	`dataplex.assets.writeData`
Dataplex Developer (`roles/dataplex.developer`) Allows running data analytics workloads in a lake.	`dataplex.content.*` `dataplex.content.create` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.content.setIamPolicy` `dataplex.content.update` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update`
Dataplex Discovery BigLake Publishing Service Agent (`roles/dataplex.discoveryBigLakePublishingServiceAgent`) Gives the Dataplex Discovery Service Agent permissions to use bigquery connection. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.connections.delegate` `bigquery.connections.use`
Dataplex Discovery Publishing Service Agent (`roles/dataplex.discoveryPublishingServiceAgent`) Gives the Dataplex Discovery Service Agent dataset create and get permissions. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.datasets.create` `bigquery.datasets.get`
Dataplex Discovery Service Agent (`roles/dataplex.discoveryServiceAgent`) Gives the Dataplex Discovery Service Agent bucket read permissions. Warning: Do not grant service agent roles to any principals except service agents.	`storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Editor (`roles/dataplex.editor`) Write access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.create` `dataplex.assets.delete` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.assets.update` `dataplex.content.delete` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.create` `dataplex.dataAttributeBindings.delete` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributeBindings.update` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.update` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.update` `dataplex.environments.create` `dataplex.environments.delete` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.environments.update` `dataplex.lakeActions.list` `dataplex.lakes.create` `dataplex.lakes.delete` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.lakes.update` `dataplex.operations.*` `dataplex.operations.cancel` `dataplex.operations.delete` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.cancel` `dataplex.tasks.create` `dataplex.tasks.delete` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.tasks.run` `dataplex.tasks.update` `dataplex.zoneActions.list` `dataplex.zones.create` `dataplex.zones.delete` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list` `dataplex.zones.update`
Dataplex Encryption Admin (`roles/dataplex.encryptionAdmin`) Gives user permissions to manage encryption config.	`dataplex.encryptionConfig.*` `dataplex.encryptionConfig.create` `dataplex.encryptionConfig.delete` `dataplex.encryptionConfig.get` `dataplex.encryptionConfig.list` `dataplex.encryptionConfig.update` `dataplex.operations.get` `dataplex.operations.list`
Dataplex Entry Group Exporter (`roles/dataplex.entryGroupExporter`) Grants access to export this entry group for Metadata Job processing.	`dataplex.entryGroups.export` `dataplex.entryGroups.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Importer (`roles/dataplex.entryGroupImporter`) Grants access to import this entry group for Metadata Job processing.	`dataplex.entryGroups.get` `dataplex.entryGroups.import` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Owns Entry Groups and Entries inside of them.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.*` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry and EntryLink Owner (`roles/dataplex.entryOwner`) Owns Metadata Entries and EntryLinks.	`datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.*` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Entry Type User (`roles/dataplex.entryTypeUser`) Grants access to use Entry Types to create/modify Entries of those types.	`datacatalog.migrationConfig.get` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Owner (`roles/dataplex.metadataJobOwner`) Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.	`dataplex.metadataJobs.*` `dataplex.metadataJobs.cancel` `dataplex.metadataJobs.create` `dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Job Viewer (`roles/dataplex.metadataJobViewer`) Read access to Metadata Job resources.	`dataplex.metadataJobs.get` `dataplex.metadataJobs.list` `dataplex.operations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Reader (`roles/dataplex.metadataReader`) Read only access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.get` `dataplex.entities.list` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Metadata Writer (`roles/dataplex.metadataWriter`) Write and Read access to metadata.	`dataplex.assets.get` `dataplex.assets.list` `dataplex.entities.` `dataplex.entities.create` `dataplex.entities.delete` `dataplex.entities.get` `dataplex.entities.list` `dataplex.entities.update` `dataplex.partitions.` `dataplex.partitions.create` `dataplex.partitions.delete` `dataplex.partitions.get` `dataplex.partitions.list` `dataplex.partitions.update` `dataplex.zones.get` `dataplex.zones.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataplex Security Administrator (`roles/dataplex.securityAdmin`) Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.	`dataplex.dataTaxonomies.configureDataAccess` `dataplex.dataTaxonomies.configureResourceAccess`
Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management. Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.bireservations.` `bigquery.bireservations.get` `bigquery.bireservations.update` `bigquery.capacityCommitments.` `bigquery.capacityCommitments.create` `bigquery.capacityCommitments.delete` `bigquery.capacityCommitments.get` `bigquery.capacityCommitments.list` `bigquery.capacityCommitments.update` `bigquery.config.` `bigquery.config.get` `bigquery.config.update` `bigquery.connections.` `bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.setIamPolicy` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.dataPolicies.create` `bigquery.dataPolicies.delete` `bigquery.dataPolicies.get` `bigquery.dataPolicies.getIamPolicy` `bigquery.dataPolicies.list` `bigquery.dataPolicies.setIamPolicy` `bigquery.dataPolicies.update` `bigquery.datasets.` `bigquery.datasets.create` `bigquery.datasets.createTagBinding` `bigquery.datasets.delete` `bigquery.datasets.deleteTagBinding` `bigquery.datasets.get` `bigquery.datasets.getIamPolicy` `bigquery.datasets.link` `bigquery.datasets.listEffectiveTags` `bigquery.datasets.listSharedDatasetUsage` `bigquery.datasets.listTagBindings` `bigquery.datasets.setIamPolicy` `bigquery.datasets.update` `bigquery.datasets.updateTag` `bigquery.jobs.` `bigquery.jobs.create` `bigquery.jobs.delete` `bigquery.jobs.get` `bigquery.jobs.list` `bigquery.jobs.listAll` `bigquery.jobs.listExecutionMetadata` `bigquery.jobs.update` `bigquery.models.` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.models.updateTag` `bigquery.objectRefs.` `bigquery.objectRefs.read` `bigquery.objectRefs.write` `bigquery.readsessions.` `bigquery.readsessions.create` `bigquery.readsessions.getData` `bigquery.readsessions.update` `bigquery.reservationAssignments.` `bigquery.reservationAssignments.create` `bigquery.reservationAssignments.delete` `bigquery.reservationAssignments.list` `bigquery.reservationAssignments.search` `bigquery.reservationGroups.` `bigquery.reservationGroups.create` `bigquery.reservationGroups.delete` `bigquery.reservationGroups.get` `bigquery.reservationGroups.list` `bigquery.reservations.` `bigquery.reservations.create` `bigquery.reservations.delete` `bigquery.reservations.get` `bigquery.reservations.list` `bigquery.reservations.listFailoverDatasets` `bigquery.reservations.update` `bigquery.reservations.use` `bigquery.routines.` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.routines.updateTag` `bigquery.rowAccessPolicies.create` `bigquery.rowAccessPolicies.delete` `bigquery.rowAccessPolicies.get` `bigquery.rowAccessPolicies.getIamPolicy` `bigquery.rowAccessPolicies.list` `bigquery.rowAccessPolicies.overrideTimeTravelRestrictions` `bigquery.rowAccessPolicies.setIamPolicy` `bigquery.rowAccessPolicies.update` `bigquery.savedqueries.` `bigquery.savedqueries.create` `bigquery.savedqueries.delete` `bigquery.savedqueries.get` `bigquery.savedqueries.list` `bigquery.savedqueries.update` `bigquery.tables.` `bigquery.tables.create` `bigquery.tables.createIndex` `bigquery.tables.createSnapshot` `bigquery.tables.createTagBinding` `bigquery.tables.delete` `bigquery.tables.deleteIndex` `bigquery.tables.deleteSnapshot` `bigquery.tables.deleteTagBinding` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.getIamPolicy` `bigquery.tables.list` `bigquery.tables.listEffectiveTags` `bigquery.tables.listTagBindings` `bigquery.tables.replicateData` `bigquery.tables.restoreSnapshot` `bigquery.tables.setCategory` `bigquery.tables.setColumnDataPolicy` `bigquery.tables.setIamPolicy` `bigquery.tables.update` `bigquery.tables.updateData` `bigquery.tables.updateIndex` `bigquery.tables.updateTag` `bigquery.transfers.` `bigquery.transfers.get` `bigquery.transfers.update` `bigquerymigration.translation.translate` `datacatalog.catalogs.searchAll` `datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.entries.get` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.list` `datacatalog.taxonomies.update` `dataform.` `dataform.commentThreads.create` `dataform.commentThreads.delete` `dataform.commentThreads.get` `dataform.commentThreads.list` `dataform.commentThreads.update` `dataform.comments.create` `dataform.comments.delete` `dataform.comments.get` `dataform.comments.list` `dataform.comments.update` `dataform.compilationResults.create` `dataform.compilationResults.get` `dataform.compilationResults.list` `dataform.compilationResults.query` `dataform.config.get` `dataform.config.update` `dataform.locations.get` `dataform.locations.list` `dataform.releaseConfigs.create` `dataform.releaseConfigs.delete` `dataform.releaseConfigs.get` `dataform.releaseConfigs.list` `dataform.releaseConfigs.update` `dataform.repositories.commit` `dataform.repositories.computeAccessTokenStatus` `dataform.repositories.create` `dataform.repositories.delete` `dataform.repositories.fetchHistory` `dataform.repositories.fetchRemoteBranches` `dataform.repositories.get` `dataform.repositories.getIamPolicy` `dataform.repositories.list` `dataform.repositories.queryDirectoryContents` `dataform.repositories.readFile` `dataform.repositories.setIamPolicy` `dataform.repositories.update` `dataform.workflowConfigs.create` `dataform.workflowConfigs.delete` `dataform.workflowConfigs.get` `dataform.workflowConfigs.list` `dataform.workflowConfigs.update` `dataform.workflowInvocations.cancel` `dataform.workflowInvocations.create` `dataform.workflowInvocations.delete` `dataform.workflowInvocations.get` `dataform.workflowInvocations.list` `dataform.workflowInvocations.query` `dataform.workspaces.commit` `dataform.workspaces.create` `dataform.workspaces.delete` `dataform.workspaces.fetchFileDiff` `dataform.workspaces.fetchFileGitStatuses` `dataform.workspaces.fetchGitAheadBehind` `dataform.workspaces.get` `dataform.workspaces.getIamPolicy` `dataform.workspaces.installNpmPackages` `dataform.workspaces.list` `dataform.workspaces.makeDirectory` `dataform.workspaces.moveDirectory` `dataform.workspaces.moveFile` `dataform.workspaces.pull` `dataform.workspaces.push` `dataform.workspaces.queryDirectoryContents` `dataform.workspaces.readFile` `dataform.workspaces.removeDirectory` `dataform.workspaces.removeFile` `dataform.workspaces.reset` `dataform.workspaces.searchFiles` `dataform.workspaces.setIamPolicy` `dataform.workspaces.writeFile` `dataplex.assets.getIamPolicy` `dataplex.datascans.` `dataplex.datascans.create` `dataplex.datascans.delete` `dataplex.datascans.get` `dataplex.datascans.getData` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.datascans.run` `dataplex.datascans.setIamPolicy` `dataplex.datascans.update` `dataplex.environments.execute` `dataplex.environments.get` `dataplex.environments.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.operations.get` `dataplex.operations.list` `dataplex.projects.search` `dataplex.zones.getIamPolicy` `dataproc.batches.cancel` `dataproc.batches.create` `dataproc.batches.get` `dataproc.operations.cancel` `dataproc.operations.get` `dataproc.operations.list` `firebase.projects.get` `iam.serviceAccounts.actAs` `logging.logEntries.create` `logging.logEntries.route` `metastore.services.get` `monitoring.metricDescriptors.create` `monitoring.metricDescriptors.get` `monitoring.metricDescriptors.list` `monitoring.monitoredResourceDescriptors.` `monitoring.monitoredResourceDescriptors.get` `monitoring.monitoredResourceDescriptors.list` `monitoring.timeSeries.create` `orgpolicy.policy.get` `recommender.iamPolicyInsights.` `recommender.iamPolicyInsights.get` `recommender.iamPolicyInsights.list` `recommender.iamPolicyInsights.update` `recommender.iamPolicyRecommendations.` `recommender.iamPolicyRecommendations.get` `recommender.iamPolicyRecommendations.list` `recommender.iamPolicyRecommendations.update` `recommender.storageBucketSoftDeleteInsights.` `recommender.storageBucketSoftDeleteInsights.get` `recommender.storageBucketSoftDeleteInsights.list` `recommender.storageBucketSoftDeleteInsights.update` `recommender.storageBucketSoftDeleteRecommendations.` `recommender.storageBucketSoftDeleteRecommendations.get` `recommender.storageBucketSoftDeleteRecommendations.list` `recommender.storageBucketSoftDeleteRecommendations.update` `resourcemanager.hierarchyNodes.listEffectiveTags` `resourcemanager.projects.get` `resourcemanager.projects.list` `servicemanagement.services.report` `serviceusage.services.use` `storage.anywhereCaches.` `storage.anywhereCaches.create` `storage.anywhereCaches.disable` `storage.anywhereCaches.get` `storage.anywhereCaches.list` `storage.anywhereCaches.pause` `storage.anywhereCaches.resume` `storage.anywhereCaches.update` `storage.bucketOperations.` `storage.bucketOperations.cancel` `storage.bucketOperations.get` `storage.bucketOperations.list` `storage.buckets.` `storage.buckets.create` `storage.buckets.createTagBinding` `storage.buckets.delete` `storage.buckets.deleteTagBinding` `storage.buckets.enableObjectRetention` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.getIpFilter` `storage.buckets.getObjectInsights` `storage.buckets.list` `storage.buckets.listEffectiveTags` `storage.buckets.listTagBindings` `storage.buckets.relocate` `storage.buckets.restore` `storage.buckets.setIamPolicy` `storage.buckets.setIpFilter` `storage.buckets.update` `storage.folders.` `storage.folders.create` `storage.folders.delete` `storage.folders.get` `storage.folders.list` `storage.folders.rename` `storage.intelligenceConfigs.` `storage.intelligenceConfigs.get` `storage.intelligenceConfigs.update` `storage.managedFolders.` `storage.managedFolders.create` `storage.managedFolders.delete` `storage.managedFolders.get` `storage.managedFolders.getIamPolicy` `storage.managedFolders.list` `storage.managedFolders.setIamPolicy` `storage.multipartUploads.` `storage.multipartUploads.abort` `storage.multipartUploads.create` `storage.multipartUploads.list` `storage.multipartUploads.listParts` `storage.objects.*` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.getIamPolicy` `storage.objects.list` `storage.objects.move` `storage.objects.overrideUnlockedRetention` `storage.objects.restore` `storage.objects.setIamPolicy` `storage.objects.setRetention` `storage.objects.update`
Dataplex Storage Data Owner (`roles/dataplex.storageDataOwner`) Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.create` `bigquery.models.delete` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.models.updateData` `bigquery.models.updateMetadata` `bigquery.routines.create` `bigquery.routines.delete` `bigquery.routines.get` `bigquery.routines.list` `bigquery.routines.update` `bigquery.tables.create` `bigquery.tables.createSnapshot` `bigquery.tables.delete` `bigquery.tables.deleteSnapshot` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `bigquery.tables.restoreSnapshot` `bigquery.tables.update` `bigquery.tables.updateData` `storage.buckets.get` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Dataplex Storage Data Reader (`roles/dataplex.storageDataReader`) Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.datasets.get` `bigquery.models.export` `bigquery.models.getData` `bigquery.models.getMetadata` `bigquery.models.list` `bigquery.routines.get` `bigquery.routines.list` `bigquery.tables.export` `bigquery.tables.get` `bigquery.tables.getData` `bigquery.tables.list` `storage.buckets.get` `storage.objects.get` `storage.objects.list`
Dataplex Storage Data Writer (`roles/dataplex.storageDataWriter`) Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.	`bigquery.tables.updateData` `storage.objects.create` `storage.objects.delete` `storage.objects.update`
Dataplex Taxonomy Administrator (`roles/dataplex.taxonomyAdmin`) Full access to DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.*` `dataplex.dataAttributes.bind` `dataplex.dataAttributes.create` `dataplex.dataAttributes.delete` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataAttributes.setIamPolicy` `dataplex.dataAttributes.update` `dataplex.dataTaxonomies.create` `dataplex.dataTaxonomies.delete` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.dataTaxonomies.setIamPolicy` `dataplex.dataTaxonomies.update`
Dataplex Taxonomy Viewer (`roles/dataplex.taxonomyViewer`) Read access on DataTaxonomy, DataAttribute resources.	`dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list`
Dataplex Viewer (`roles/dataplex.viewer`) Read access to Dataplex resources.	`cloudasset.assets.analyzeIamPolicy` `dataplex.assetActions.list` `dataplex.assets.get` `dataplex.assets.getIamPolicy` `dataplex.assets.list` `dataplex.content.get` `dataplex.content.getIamPolicy` `dataplex.content.list` `dataplex.dataAttributeBindings.get` `dataplex.dataAttributeBindings.getIamPolicy` `dataplex.dataAttributeBindings.list` `dataplex.dataAttributes.get` `dataplex.dataAttributes.getIamPolicy` `dataplex.dataAttributes.list` `dataplex.dataTaxonomies.get` `dataplex.dataTaxonomies.getIamPolicy` `dataplex.dataTaxonomies.list` `dataplex.datascans.get` `dataplex.datascans.getIamPolicy` `dataplex.datascans.list` `dataplex.environments.get` `dataplex.environments.getIamPolicy` `dataplex.environments.list` `dataplex.lakeActions.list` `dataplex.lakes.get` `dataplex.lakes.getIamPolicy` `dataplex.lakes.list` `dataplex.operations.get` `dataplex.operations.list` `dataplex.tasks.get` `dataplex.tasks.getIamPolicy` `dataplex.tasks.list` `dataplex.zoneActions.list` `dataplex.zones.get` `dataplex.zones.getIamPolicy` `dataplex.zones.list`

Dataplex Administrator

(roles/dataplex.admin)

Full access to Dataplex resources, except Dataplex Catalog.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.setIamPolicy

dataplex.assets.update

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.*

dataplex.dataTaxonomies.configureDataAccess
dataplex.dataTaxonomies.configureResourceAccess
dataplex.dataTaxonomies.create
dataplex.dataTaxonomies.delete
dataplex.dataTaxonomies.get
dataplex.dataTaxonomies.getIamPolicy
dataplex.dataTaxonomies.list
dataplex.dataTaxonomies.setIamPolicy
dataplex.dataTaxonomies.update

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.entries.link

dataplex.entryGroups.export

dataplex.entryGroups.import

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.environments.*

dataplex.environments.create
dataplex.environments.delete
dataplex.environments.execute
dataplex.environments.get
dataplex.environments.getIamPolicy
dataplex.environments.list
dataplex.environments.setIamPolicy
dataplex.environments.update

dataplex.glossaries.*

dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.glossaries.getIamPolicy
dataplex.glossaries.import
dataplex.glossaries.list
dataplex.glossaries.setIamPolicy
dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.lakeActions.list

dataplex.lakes.*

dataplex.lakes.create
dataplex.lakes.delete
dataplex.lakes.get
dataplex.lakes.getIamPolicy
dataplex.lakes.list
dataplex.lakes.setIamPolicy
dataplex.lakes.update

dataplex.locations.*

dataplex.locations.get
dataplex.locations.list

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.tasks.*

dataplex.tasks.cancel
dataplex.tasks.create
dataplex.tasks.delete
dataplex.tasks.get
dataplex.tasks.getIamPolicy
dataplex.tasks.list
dataplex.tasks.run
dataplex.tasks.setIamPolicy
dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.*

dataplex.zones.create
dataplex.zones.delete
dataplex.zones.get
dataplex.zones.getIamPolicy
dataplex.zones.list
dataplex.zones.setIamPolicy
dataplex.zones.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type Owner

(roles/dataplex.aspectTypeOwner)

Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Aspect Type User

(roles/dataplex.aspectTypeUser)

Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Binding Administrator

(roles/dataplex.bindingAdmin)

Full access on DataAttribute Bindig resources.

dataplex.dataAttributeBindings.*

dataplex.dataAttributeBindings.create
dataplex.dataAttributeBindings.delete
dataplex.dataAttributeBindings.get
dataplex.dataAttributeBindings.getIamPolicy
dataplex.dataAttributeBindings.list
dataplex.dataAttributeBindings.setIamPolicy
dataplex.dataAttributeBindings.update

Dataplex Catalog Admin

(roles/dataplex.catalogAdmin)

Has full access to Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDataQualityScorecardAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.glossaries.*

dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.glossaries.getIamPolicy
dataplex.glossaries.import
dataplex.glossaries.list
dataplex.glossaries.setIamPolicy
dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Editor

(roles/dataplex.catalogEditor)

Has write access to Catalog resources. Cannot set IAM policies on resources

datacatalog.migrationConfig.get

dataplex.aspectTypes.create

dataplex.aspectTypes.delete

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.aspectTypes.update

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.create

dataplex.entryGroups.delete

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryGroups.update

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useDataQualityScorecardAspect

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSchemaAspect

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.create

dataplex.entryLinks.delete

dataplex.entryLinks.get

dataplex.entryTypes.create

dataplex.entryTypes.delete

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.entryTypes.update

dataplex.entryTypes.use

dataplex.glossaries.create

dataplex.glossaries.delete

dataplex.glossaries.get

dataplex.glossaries.getIamPolicy

dataplex.glossaries.list

dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Catalog Viewer

(roles/dataplex.catalogViewer)

Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types, Entry Link Types, Entries and Entry Links. Can view IAM policies on Catalog resources.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryLinks.get

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.glossaries.get

dataplex.glossaries.getIamPolicy

dataplex.glossaries.list

dataplex.glossaryCategories.get

dataplex.glossaryCategories.list

dataplex.glossaryTerms.get

dataplex.glossaryTerms.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Data Owner

(roles/dataplex.dataOwner)

Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.ownData

dataplex.assets.readData

dataplex.assets.writeData

Dataplex Data Reader

(roles/dataplex.dataReader)

Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.readData

Dataplex DataScan Administrator

(roles/dataplex.dataScanAdmin)

Full access to DataScan resources.

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Creator

(roles/dataplex.dataScanCreator)

Access to create new DataScan resources.

dataplex.datascans.create

dataplex.datascans.get

dataplex.datascans.list

dataplex.operations.get

Dataplex DataScan DataViewer

(roles/dataplex.dataScanDataViewer)

Read access to DataScan resources and additional contents.

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex DataScan Editor

(roles/dataplex.dataScanEditor)

Write access to DataScan resources.

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getData

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.operations.get

dataplex.operations.list

Dataplex DataScan Viewer

(roles/dataplex.dataScanViewer)

Read access to DataScan resources.

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

Dataplex Data Writer

(roles/dataplex.dataWriter)

Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.

dataplex.assets.writeData

Dataplex Developer

(roles/dataplex.developer)

Allows running data analytics workloads in a lake.

dataplex.content.*

dataplex.content.create
dataplex.content.delete
dataplex.content.get
dataplex.content.getIamPolicy
dataplex.content.list
dataplex.content.setIamPolicy
dataplex.content.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

Dataplex Discovery BigLake Publishing Service Agent

(roles/dataplex.discoveryBigLakePublishingServiceAgent)

Gives the Dataplex Discovery Service Agent permissions to use bigquery connection.

bigquery.connections.delegate

bigquery.connections.use

Dataplex Discovery Publishing Service Agent

(roles/dataplex.discoveryPublishingServiceAgent)

Gives the Dataplex Discovery Service Agent dataset create and get permissions.

bigquery.datasets.create

bigquery.datasets.get

Dataplex Discovery Service Agent

(roles/dataplex.discoveryServiceAgent)

Gives the Dataplex Discovery Service Agent bucket read permissions.

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Editor

(roles/dataplex.editor)

Write access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.create

dataplex.assets.delete

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.assets.update

dataplex.content.delete

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.create

dataplex.dataAttributeBindings.delete

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributeBindings.update

dataplex.dataAttributes.bind

dataplex.dataAttributes.create

dataplex.dataAttributes.delete

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataAttributes.update

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.update

dataplex.datascans.create

dataplex.datascans.delete

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.datascans.run

dataplex.datascans.update

dataplex.environments.create

dataplex.environments.delete

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.environments.update

dataplex.lakeActions.list

dataplex.lakes.create

dataplex.lakes.delete

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.lakes.update

dataplex.operations.*

dataplex.operations.cancel
dataplex.operations.delete
dataplex.operations.get
dataplex.operations.list

dataplex.tasks.cancel

dataplex.tasks.create

dataplex.tasks.delete

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.tasks.run

dataplex.tasks.update

dataplex.zoneActions.list

dataplex.zones.create

dataplex.zones.delete

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

dataplex.zones.update

Dataplex Encryption Admin

(roles/dataplex.encryptionAdmin)

Gives user permissions to manage encryption config.

dataplex.encryptionConfig.*

dataplex.encryptionConfig.create
dataplex.encryptionConfig.delete
dataplex.encryptionConfig.get
dataplex.encryptionConfig.list
dataplex.encryptionConfig.update

dataplex.operations.get

dataplex.operations.list

Dataplex Entry Group Exporter

(roles/dataplex.entryGroupExporter)

Grants access to export this entry group for Metadata Job processing.

dataplex.entryGroups.export

dataplex.entryGroups.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Importer

(roles/dataplex.entryGroupImporter)

Grants access to import this entry group for Metadata Job processing.

dataplex.entryGroups.get

dataplex.entryGroups.import

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Group Owner

(roles/dataplex.entryGroupOwner)

Owns Entry Groups and Entries inside of them.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDataQualityScorecardAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry and EntryLink Owner

(roles/dataplex.entryOwner)

Owns Metadata Entries and EntryLinks.

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useDataQualityScorecardAspect

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSchemaAspect

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type Owner

(roles/dataplex.entryTypeOwner)

Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.

datacatalog.migrationConfig.get

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Entry Type User

(roles/dataplex.entryTypeUser)

Grants access to use Entry Types to create/modify Entries of those types.

datacatalog.migrationConfig.get

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Owner

(roles/dataplex.metadataJobOwner)

Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.

dataplex.metadataJobs.*

dataplex.metadataJobs.cancel
dataplex.metadataJobs.create
dataplex.metadataJobs.get
dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Job Viewer

(roles/dataplex.metadataJobViewer)

Read access to Metadata Job resources.

dataplex.metadataJobs.get

dataplex.metadataJobs.list

dataplex.operations.get

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Reader

(roles/dataplex.metadataReader)

Read only access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.get

dataplex.entities.list

dataplex.partitions.get

dataplex.partitions.list

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Metadata Writer

(roles/dataplex.metadataWriter)

Write and Read access to metadata.

dataplex.assets.get

dataplex.assets.list

dataplex.entities.*

dataplex.entities.create
dataplex.entities.delete
dataplex.entities.get
dataplex.entities.list
dataplex.entities.update

dataplex.partitions.*

dataplex.partitions.create
dataplex.partitions.delete
dataplex.partitions.get
dataplex.partitions.list
dataplex.partitions.update

dataplex.zones.get

dataplex.zones.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataplex Security Administrator

(roles/dataplex.securityAdmin)

Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.

dataplex.dataTaxonomies.configureDataAccess

dataplex.dataTaxonomies.configureResourceAccess

Cloud Dataplex Service Agent

(roles/dataplex.serviceAgent)

Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.

bigquery.bireservations.*

bigquery.bireservations.get
bigquery.bireservations.update

bigquery.capacityCommitments.*

bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.capacityCommitments.update

bigquery.config.*

bigquery.config.get
bigquery.config.update

bigquery.connections.*

bigquery.connections.create
bigquery.connections.delegate
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.updateTag
bigquery.connections.use

bigquery.dataPolicies.create

bigquery.dataPolicies.delete

bigquery.dataPolicies.get

bigquery.dataPolicies.getIamPolicy

bigquery.dataPolicies.list

bigquery.dataPolicies.setIamPolicy

bigquery.dataPolicies.update

bigquery.datasets.*

bigquery.datasets.create
bigquery.datasets.createTagBinding
bigquery.datasets.delete
bigquery.datasets.deleteTagBinding
bigquery.datasets.get
bigquery.datasets.getIamPolicy
bigquery.datasets.link
bigquery.datasets.listEffectiveTags
bigquery.datasets.listSharedDatasetUsage
bigquery.datasets.listTagBindings
bigquery.datasets.setIamPolicy
bigquery.datasets.update
bigquery.datasets.updateTag

bigquery.jobs.*

bigquery.jobs.create
bigquery.jobs.delete
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.listAll
bigquery.jobs.listExecutionMetadata
bigquery.jobs.update

bigquery.models.*

bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
bigquery.models.updateTag

bigquery.objectRefs.*

bigquery.objectRefs.read
bigquery.objectRefs.write

bigquery.readsessions.*

bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update

bigquery.reservationAssignments.*

bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search

bigquery.reservationGroups.*

bigquery.reservationGroups.create
bigquery.reservationGroups.delete
bigquery.reservationGroups.get
bigquery.reservationGroups.list

bigquery.reservations.*

bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.listFailoverDatasets
bigquery.reservations.update
bigquery.reservations.use

bigquery.routines.*

bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
bigquery.routines.updateTag

bigquery.rowAccessPolicies.create

bigquery.rowAccessPolicies.delete

bigquery.rowAccessPolicies.get

bigquery.rowAccessPolicies.getIamPolicy

bigquery.rowAccessPolicies.list

bigquery.rowAccessPolicies.overrideTimeTravelRestrictions

bigquery.rowAccessPolicies.setIamPolicy

bigquery.rowAccessPolicies.update

bigquery.savedqueries.*

bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update

bigquery.tables.*

bigquery.tables.create
bigquery.tables.createIndex
bigquery.tables.createSnapshot
bigquery.tables.createTagBinding
bigquery.tables.delete
bigquery.tables.deleteIndex
bigquery.tables.deleteSnapshot
bigquery.tables.deleteTagBinding
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.getIamPolicy
bigquery.tables.list
bigquery.tables.listEffectiveTags
bigquery.tables.listTagBindings
bigquery.tables.replicateData
bigquery.tables.restoreSnapshot
bigquery.tables.setCategory
bigquery.tables.setColumnDataPolicy
bigquery.tables.setIamPolicy
bigquery.tables.update
bigquery.tables.updateData
bigquery.tables.updateIndex
bigquery.tables.updateTag

bigquery.transfers.*

bigquery.transfers.get
bigquery.transfers.update

bigquerymigration.translation.translate

datacatalog.catalogs.searchAll

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.entries.get

datacatalog.taxonomies.create

datacatalog.taxonomies.delete

datacatalog.taxonomies.get

datacatalog.taxonomies.list

datacatalog.taxonomies.update

dataform.*

dataform.commentThreads.create
dataform.commentThreads.delete
dataform.commentThreads.get
dataform.commentThreads.list
dataform.commentThreads.update
dataform.comments.create
dataform.comments.delete
dataform.comments.get
dataform.comments.list
dataform.comments.update
dataform.compilationResults.create
dataform.compilationResults.get
dataform.compilationResults.list
dataform.compilationResults.query
dataform.config.get
dataform.config.update
dataform.locations.get
dataform.locations.list
dataform.releaseConfigs.create
dataform.releaseConfigs.delete
dataform.releaseConfigs.get
dataform.releaseConfigs.list
dataform.releaseConfigs.update
dataform.repositories.commit
dataform.repositories.computeAccessTokenStatus
dataform.repositories.create
dataform.repositories.delete
dataform.repositories.fetchHistory
dataform.repositories.fetchRemoteBranches
dataform.repositories.get
dataform.repositories.getIamPolicy
dataform.repositories.list
dataform.repositories.queryDirectoryContents
dataform.repositories.readFile
dataform.repositories.setIamPolicy
dataform.repositories.update
dataform.workflowConfigs.create
dataform.workflowConfigs.delete
dataform.workflowConfigs.get
dataform.workflowConfigs.list
dataform.workflowConfigs.update
dataform.workflowInvocations.cancel
dataform.workflowInvocations.create
dataform.workflowInvocations.delete
dataform.workflowInvocations.get
dataform.workflowInvocations.list
dataform.workflowInvocations.query
dataform.workspaces.commit
dataform.workspaces.create
dataform.workspaces.delete
dataform.workspaces.fetchFileDiff
dataform.workspaces.fetchFileGitStatuses
dataform.workspaces.fetchGitAheadBehind
dataform.workspaces.get
dataform.workspaces.getIamPolicy
dataform.workspaces.installNpmPackages
dataform.workspaces.list
dataform.workspaces.makeDirectory
dataform.workspaces.moveDirectory
dataform.workspaces.moveFile
dataform.workspaces.pull
dataform.workspaces.push
dataform.workspaces.queryDirectoryContents
dataform.workspaces.readFile
dataform.workspaces.removeDirectory
dataform.workspaces.removeFile
dataform.workspaces.reset
dataform.workspaces.searchFiles
dataform.workspaces.setIamPolicy
dataform.workspaces.writeFile

dataplex.assets.getIamPolicy

dataplex.datascans.*

dataplex.datascans.create
dataplex.datascans.delete
dataplex.datascans.get
dataplex.datascans.getData
dataplex.datascans.getIamPolicy
dataplex.datascans.list
dataplex.datascans.run
dataplex.datascans.setIamPolicy
dataplex.datascans.update

dataplex.environments.execute

dataplex.environments.get

dataplex.environments.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.operations.get

dataplex.operations.list

dataplex.projects.search

dataplex.zones.getIamPolicy

dataproc.batches.cancel

dataproc.batches.create

dataproc.batches.get

dataproc.operations.cancel

dataproc.operations.get

dataproc.operations.list

firebase.projects.get

iam.serviceAccounts.actAs

logging.logEntries.create

logging.logEntries.route

metastore.services.get

monitoring.metricDescriptors.create

monitoring.metricDescriptors.get

monitoring.metricDescriptors.list

monitoring.monitoredResourceDescriptors.*

monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list

monitoring.timeSeries.create

orgpolicy.policy.get

recommender.iamPolicyInsights.*

recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

recommender.storageBucketSoftDeleteInsights.*

recommender.storageBucketSoftDeleteInsights.get
recommender.storageBucketSoftDeleteInsights.list
recommender.storageBucketSoftDeleteInsights.update

recommender.storageBucketSoftDeleteRecommendations.*

recommender.storageBucketSoftDeleteRecommendations.get
recommender.storageBucketSoftDeleteRecommendations.list
recommender.storageBucketSoftDeleteRecommendations.update

resourcemanager.hierarchyNodes.listEffectiveTags

resourcemanager.projects.get

resourcemanager.projects.list

servicemanagement.services.report

serviceusage.services.use

storage.anywhereCaches.*

storage.anywhereCaches.create
storage.anywhereCaches.disable
storage.anywhereCaches.get
storage.anywhereCaches.list
storage.anywhereCaches.pause
storage.anywhereCaches.resume
storage.anywhereCaches.update

storage.bucketOperations.*

storage.bucketOperations.cancel
storage.bucketOperations.get
storage.bucketOperations.list

storage.buckets.*

storage.buckets.create
storage.buckets.createTagBinding
storage.buckets.delete
storage.buckets.deleteTagBinding
storage.buckets.enableObjectRetention
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.getIpFilter
storage.buckets.getObjectInsights
storage.buckets.list
storage.buckets.listEffectiveTags
storage.buckets.listTagBindings
storage.buckets.relocate
storage.buckets.restore
storage.buckets.setIamPolicy
storage.buckets.setIpFilter
storage.buckets.update

storage.folders.*

storage.folders.create
storage.folders.delete
storage.folders.get
storage.folders.list
storage.folders.rename

storage.intelligenceConfigs.*

storage.intelligenceConfigs.get
storage.intelligenceConfigs.update

storage.managedFolders.*

storage.managedFolders.create
storage.managedFolders.delete
storage.managedFolders.get
storage.managedFolders.getIamPolicy
storage.managedFolders.list
storage.managedFolders.setIamPolicy

storage.multipartUploads.*

storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.list
storage.multipartUploads.listParts

storage.objects.*

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.move
storage.objects.overrideUnlockedRetention
storage.objects.restore
storage.objects.setIamPolicy
storage.objects.setRetention
storage.objects.update

Dataplex Storage Data Owner

(roles/dataplex.storageDataOwner)

Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.create

bigquery.models.delete

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.models.updateData

bigquery.models.updateMetadata

bigquery.routines.create

bigquery.routines.delete

bigquery.routines.get

bigquery.routines.list

bigquery.routines.update

bigquery.tables.create

bigquery.tables.createSnapshot

bigquery.tables.delete

bigquery.tables.deleteSnapshot

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

bigquery.tables.restoreSnapshot

bigquery.tables.update

bigquery.tables.updateData

storage.buckets.get

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Dataplex Storage Data Reader

(roles/dataplex.storageDataReader)

Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.datasets.get

bigquery.models.export

bigquery.models.getData

bigquery.models.getMetadata

bigquery.models.list

bigquery.routines.get

bigquery.routines.list

bigquery.tables.export

bigquery.tables.get

bigquery.tables.getData

bigquery.tables.list

storage.buckets.get

storage.objects.get

storage.objects.list

Dataplex Storage Data Writer

(roles/dataplex.storageDataWriter)

Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like Cloud Storage buckets, BigQuery datasets etc.

bigquery.tables.updateData

storage.objects.create

storage.objects.delete

storage.objects.update

Dataplex Taxonomy Administrator

(roles/dataplex.taxonomyAdmin)

Full access to DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.*

dataplex.dataAttributes.bind
dataplex.dataAttributes.create
dataplex.dataAttributes.delete
dataplex.dataAttributes.get
dataplex.dataAttributes.getIamPolicy
dataplex.dataAttributes.list
dataplex.dataAttributes.setIamPolicy
dataplex.dataAttributes.update

dataplex.dataTaxonomies.create

dataplex.dataTaxonomies.delete

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.dataTaxonomies.setIamPolicy

dataplex.dataTaxonomies.update

Dataplex Taxonomy Viewer

(roles/dataplex.taxonomyViewer)

Read access on DataTaxonomy, DataAttribute resources.

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

Dataplex Viewer

(roles/dataplex.viewer)

Read access to Dataplex resources.

cloudasset.assets.analyzeIamPolicy

dataplex.assetActions.list

dataplex.assets.get

dataplex.assets.getIamPolicy

dataplex.assets.list

dataplex.content.get

dataplex.content.getIamPolicy

dataplex.content.list

dataplex.dataAttributeBindings.get

dataplex.dataAttributeBindings.getIamPolicy

dataplex.dataAttributeBindings.list

dataplex.dataAttributes.get

dataplex.dataAttributes.getIamPolicy

dataplex.dataAttributes.list

dataplex.dataTaxonomies.get

dataplex.dataTaxonomies.getIamPolicy

dataplex.dataTaxonomies.list

dataplex.datascans.get

dataplex.datascans.getIamPolicy

dataplex.datascans.list

dataplex.environments.get

dataplex.environments.getIamPolicy

dataplex.environments.list

dataplex.lakeActions.list

dataplex.lakes.get

dataplex.lakes.getIamPolicy

dataplex.lakes.list

dataplex.operations.get

dataplex.operations.list

dataplex.tasks.get

dataplex.tasks.getIamPolicy

dataplex.tasks.list

dataplex.zoneActions.list

dataplex.zones.get

dataplex.zones.getIamPolicy

dataplex.zones.list

資料歷程的預先定義角色

如要存取任何 Dataplex Universal Catalog 項目歷程，您必須擁有該項目的存取權。如要存取 Dataplex Universal Catalog 項目，您必須在儲存 Dataplex Universal Catalog 項目的專案中，具備相應系統資源的檢視者角色，或是 Dataplex Catalog 檢視者角色 (roles/dataplex.catalogViewer)。本節說明查看沿襲所需的角色。

歷程檢視者角色

資料歷程檢視者角色 (roles/datalineage.viewer) 可讓您在 Google Cloud 控制台中查看 Dataplex Universal Catalog 歷程，並使用 Data Lineage API 讀取歷程資訊。特定程序的執行和事件都會儲存在與程序相同的專案中。如果是自動沿襲，系統會將程序、執行作業和事件儲存在產生沿襲的作業執行所在專案。舉例來說，這可能是執行 BigQuery 工作的專案。

您需要不同的角色才能查看資產之間的沿襲，以及查看資產的中繼資料。如要查看前者，您需要資料沿襲檢視者角色 (roles/datalineage.viewer)。如要查看後者，您需要與存取 Dataplex Universal Catalog 中繼資料項目時相同的角色。

查看兩個資產之間歷程的角色

如要查看資產之間的歷程，您必須在下列專案中具備資料歷程檢視者角色 (roles/datalineage.viewer)：

您正在查看沿襲的專案 (稱為有效專案)，也就是 Google Cloud 控制台頂端下拉式選單中的專案，或是發出 API 呼叫的專案。這通常是包含您要在 Dataplex Universal Catalog 中建立或透過 API 在其他 Google Cloud 系統中存取的資源的專案。
記錄沿襲資訊的專案 (稱為「運算專案」)。如前所述，沿革會儲存在執行相應程序的專案中。這個專案可以與儲存您要查看沿襲的資產的專案不同。

如要進一步瞭解如何授予角色，請參閱管理存取權。您或許還可透過自訂角色或其他預先定義的角色取得必要權限。

視用途而定，在資料夾或機構層級授予資料沿革檢視者角色 (roles/datalineage.viewer)，確保可存取沿革 (請參閱「授予或撤銷單一角色」)。只能透過 Google Cloud CLI 授予資料沿襲所需的角色。

查看歷程時可查看資產中繼資料的角色

如果資產的中繼資料儲存在 Dataplex Universal Catalog 中，您必須在對應的系統資源或 Dataplex Catalog 檢視者角色 (roles/dataplex.catalogViewer) 中擁有檢視者角色，才能查看該中繼資料。此外，您也必須在儲存 Dataplex Universal Catalog 項目的專案中，擁有 Dataplex Catalog 檢視者角色。您可能透過適當的檢視者角色存取沿襲圖或清單中的資產，但無法存取這些資產之間的沿襲。如果您在記錄沿襲的專案中沒有 Data Lineage 檢視者角色 (roles/datalineage.viewer)，就會發生這種情況。在這種情況下，為避免洩漏有關沿襲存在與否的資訊，Data Lineage API 和 Google Cloud 控制台不會顯示沿襲，也不會傳回錯誤。因此，如果資產沒有沿襲記錄，不代表該資產沒有沿襲記錄，而是您可能無法存取該沿襲記錄。

資料歷程事件產生者角色

資料歷程事件產生者角色 (roles/datalineage.producer) 可讓使用者透過 Data Lineage API 手動記錄歷程資訊。

資料歷程編輯者角色

資料歷程編輯者角色 (roles/datalineage.editor) 可讓使用者透過 Data Lineage API 手動修改歷程資訊。

資料歷程管理員角色

資料歷程管理員角色 (roles/datalineage.admin) 可讓使用者執行本節列出的所有歷程作業。

資料角色

Dataplex Universal Catalog 定義了下列 IAM 角色，適用於 Dataplex Universal Catalog 管理的任何資源。如要進一步瞭解與各角色相關聯的權限，請參閱本文的「預先定義角色」一節。

資料角色	功能	原因
Dataplex 資料擁有者 (`roles/dataplex.dataOwner`)	管理資源的所有權限。以及所有子項資源的所有權限 (不論資源類型)。	資料擁有者可以更新資源中繼資料、授予更精細的權限 (例如 BigQuery 資料集的子資料表權限)，以及建立子資源，此外還有各種其他權限。他們擁有資源的完整擁有權。
Dataplex 資料讀取者 (`roles/dataplex.dataReader`)	可讀取受管理資源及其子項中的資料。並可讀取受管理資源及其子項的中繼資料。	可讀取資料和中繼資料。
Dataplex 資料寫入者 (`roles/dataplex.dataWriter`)	可建立/更新/刪除資料 (而非中繼資料)。	啟用核心 Dataplex Universal Catalog 使用者歷程。

Dataplex Universal Catalog 身分與存取權管理角色 透過集合功能整理內容 你可以依據偏好儲存及分類內容。

關於 Dataplex Universal Catalog 角色

基本角色

Dataplex Universal Catalog 的預先定義角色

Dataplex Administrator

Dataplex Aspect Type Owner

Dataplex Aspect Type User

Dataplex Binding Administrator

Dataplex Catalog Admin

Dataplex Catalog Editor

Dataplex Catalog Viewer

Dataplex Data Owner

Dataplex Data Reader

Dataplex DataScan Administrator

Dataplex DataScan Creator

Dataplex DataScan DataViewer

Dataplex DataScan Editor

Dataplex DataScan Viewer

Dataplex Data Writer

Dataplex Developer

Dataplex Discovery BigLake Publishing Service Agent

Dataplex Discovery Publishing Service Agent

Dataplex Discovery Service Agent

Dataplex Editor

Dataplex Encryption Admin

Dataplex Entry Group Exporter

Dataplex Entry Group Importer

Dataplex Entry Group Owner

Dataplex Entry and EntryLink Owner

Dataplex Entry Type Owner

Dataplex Entry Type User

Dataplex Metadata Job Owner

Dataplex Metadata Job Viewer

Dataplex Metadata Reader

Dataplex Metadata Writer

Dataplex Security Administrator

Cloud Dataplex Service Agent

Dataplex Storage Data Owner

Dataplex Storage Data Reader

Dataplex Storage Data Writer

Dataplex Taxonomy Administrator

Dataplex Taxonomy Viewer

Dataplex Viewer

資料歷程的預先定義角色

歷程檢視者角色

查看兩個資產之間歷程的角色

查看歷程時可查看資產中繼資料的角色

資料歷程事件產生者角色

資料歷程編輯者角色

資料歷程管理員角色

資料角色

後續步驟

Dataplex Universal Catalog 身分與存取權管理角色