Dataproc Metastore roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Dataproc Metastore. To search through all roles and permissions, see the role and permission index.

Dataproc Metastore roles

Role Permissions

Role	Permissions
Dataproc Metastore Admin (`roles/metastore.admin`) Full access to all Dataproc Metastore resources.	`metastore.backups.` `metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.getIamPolicy` `metastore.backups.list` `metastore.backups.setIamPolicy` `metastore.backups.use` `metastore.federations.` `metastore.federations.create` `metastore.federations.delete` `metastore.federations.get` `metastore.federations.getIamPolicy` `metastore.federations.list` `metastore.federations.setIamPolicy` `metastore.federations.update` `metastore.federations.use` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.migrations.` `metastore.migrations.cancel` `metastore.migrations.complete` `metastore.migrations.delete` `metastore.migrations.get` `metastore.migrations.list` `metastore.migrations.start` `metastore.operations.` `metastore.operations.cancel` `metastore.operations.delete` `metastore.operations.get` `metastore.operations.list` `metastore.services.create` `metastore.services.delete` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `metastore.services.setIamPolicy` `metastore.services.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Metastore Editor (`roles/metastore.editor`) Read and write access to all Dataproc Metastore resources.	`metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.list` `metastore.backups.use` `metastore.federations.create` `metastore.federations.delete` `metastore.federations.get` `metastore.federations.list` `metastore.federations.update` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.migrations.` `metastore.migrations.cancel` `metastore.migrations.complete` `metastore.migrations.delete` `metastore.migrations.get` `metastore.migrations.list` `metastore.migrations.start` `metastore.operations.` `metastore.operations.cancel` `metastore.operations.delete` `metastore.operations.get` `metastore.operations.list` `metastore.services.create` `metastore.services.delete` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `metastore.services.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Metastore Federation Accessor (`roles/metastore.federationAccessor`) Access to the Metastore Federation resource.	`metastore.federations.use`
Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Access to read and modify the metadata of databases and tables under those databases.	`metastore.databases.create` `metastore.databases.delete` `metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.databases.update` `metastore.services.get` `metastore.services.use` `metastore.tables.create` `metastore.tables.delete` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list` `metastore.tables.update`
Dataproc Metastore Metadata Mutate Admin (`roles/metastore.metadataMutateAdmin`) Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.	`metastore.services.mutateMetadata`
Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Read-only access to Dataproc Metastore resources with additional metadata operations permission.	`metastore.backups.create` `metastore.backups.delete` `metastore.backups.get` `metastore.backups.list` `metastore.backups.use` `metastore.imports.` `metastore.imports.create` `metastore.imports.get` `metastore.imports.list` `metastore.imports.update` `metastore.locations.` `metastore.locations.get` `metastore.locations.list` `metastore.operations.get` `metastore.operations.list` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.restore` `resourcemanager.projects.get` `resourcemanager.projects.list`
Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Full access to the metadata of databases and tables under those databases.	`metastore.databases.` `metastore.databases.create` `metastore.databases.delete` `metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.databases.setIamPolicy` `metastore.databases.update` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `metastore.services.use` `metastore.tables.` `metastore.tables.create` `metastore.tables.delete` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list` `metastore.tables.setIamPolicy` `metastore.tables.update`
Dataproc Metastore Metadata Query Admin (`roles/metastore.metadataQueryAdmin`) Access to query metadata from a Dataproc Metastore service's underlying metadata store.	`metastore.services.queryMetadata`
Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Access to the Dataproc Metastore gRPC endpoint	`metastore.databases.get` `metastore.databases.list` `metastore.services.get` `metastore.services.use`
Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`) Access to read the metadata of databases and tables under those databases	`metastore.databases.get` `metastore.databases.getIamPolicy` `metastore.databases.list` `metastore.services.get` `metastore.services.use` `metastore.tables.get` `metastore.tables.getIamPolicy` `metastore.tables.list`
Dataproc Metastore Managed Migration Admin (`roles/metastore.migrationAdmin`) Access to Dataproc Metastore Managed Migration resources and workflow.	`cloudsql.instances.connect` `cloudsql.instances.get` `cloudsql.instances.login` `compute.autoscalers.create` `compute.autoscalers.delete` `compute.disks.create` `compute.disks.delete` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.use` `compute.instanceGroupManagers.create` `compute.instanceGroupManagers.delete` `compute.instanceGroupManagers.use` `compute.instanceGroups.delete` `compute.instanceGroups.use` `compute.instanceTemplates.create` `compute.instanceTemplates.delete` `compute.instanceTemplates.get` `compute.instanceTemplates.useReadOnly` `compute.instances.create` `compute.instances.delete` `compute.instances.get` `compute.instances.setMetadata` `compute.machineTypes.list` `compute.regionBackendServices.create` `compute.regionBackendServices.delete` `compute.regionBackendServices.use` `compute.regionHealthChecks.create` `compute.regionHealthChecks.delete` `compute.regionHealthChecks.use` `compute.regionHealthChecks.useReadOnly` `compute.serviceAttachments.create` `compute.serviceAttachments.delete` `compute.subnetworks.get` `compute.subnetworks.use` `compute.zones.list` `datastream.connectionProfiles.create` `datastream.connectionProfiles.delete` `datastream.objects.*` `datastream.objects.get` `datastream.objects.list` `datastream.objects.startBackfillJob` `datastream.objects.stopBackfillJob` `datastream.operations.get` `datastream.privateConnections.create` `datastream.privateConnections.delete` `datastream.streams.create` `datastream.streams.delete` `datastream.streams.get` `datastream.streams.update`
Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Gives the Dataproc Metastore service account access to managed resources. Warning: Do not grant service agent roles to any principals except service agents.	`compute.addresses.createInternal` `compute.addresses.deleteInternal` `compute.addresses.get` `compute.addresses.use` `compute.forwardingRules.create` `compute.forwardingRules.delete` `compute.forwardingRules.get` `compute.forwardingRules.pscCreate` `compute.forwardingRules.pscDelete` `compute.globalAddresses.createInternal` `compute.globalAddresses.deleteInternal` `compute.globalAddresses.get` `compute.globalAddresses.list` `compute.globalOperations.get` `compute.globalOperations.list` `compute.networks.addPeering` `compute.networks.get` `compute.networks.removePeering` `compute.networks.updatePeering` `compute.networks.use` `compute.regionOperations.get` `compute.subnetworks.get` `compute.subnetworks.use` `dns.changes.create` `dns.changes.get` `dns.managedZones.create` `dns.managedZones.delete` `dns.managedZones.get` `dns.managedZones.list` `dns.networks.bindPrivateDNSZone` `dns.networks.targetWithPeeringZone` `dns.resourceRecordSets.*` `dns.resourceRecordSets.create` `dns.resourceRecordSets.delete` `dns.resourceRecordSets.get` `dns.resourceRecordSets.list` `dns.resourceRecordSets.update` `metastore.databases.get` `metastore.databases.setIamPolicy` `metastore.databases.update` `metastore.federations.use` `metastore.services.get` `metastore.tables.get` `metastore.tables.setIamPolicy` `metastore.tables.update` `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete` `storage.buckets.create` `storage.buckets.delete` `storage.buckets.get` `storage.buckets.update` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list` `storage.objects.update`
Dataproc Metastore Viewer (`roles/metastore.user`) Read-only access to all Dataproc Metastore resources.	`metastore.backups.get` `metastore.backups.list` `metastore.federations.get` `metastore.federations.getIamPolicy` `metastore.federations.list` `metastore.imports.get` `metastore.imports.list` `metastore.locations.*` `metastore.locations.get` `metastore.locations.list` `metastore.operations.get` `metastore.operations.list` `metastore.services.export` `metastore.services.get` `metastore.services.getIamPolicy` `metastore.services.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Dataproc Metastore Admin

(roles/metastore.admin)

Full access to all Dataproc Metastore resources.

metastore.backups.*

metastore.backups.create
metastore.backups.delete
metastore.backups.get
metastore.backups.getIamPolicy
metastore.backups.list
metastore.backups.setIamPolicy
metastore.backups.use

metastore.federations.*

metastore.federations.create
metastore.federations.delete
metastore.federations.get
metastore.federations.getIamPolicy
metastore.federations.list
metastore.federations.setIamPolicy
metastore.federations.update
metastore.federations.use

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.migrations.*

metastore.migrations.cancel
metastore.migrations.complete
metastore.migrations.delete
metastore.migrations.get
metastore.migrations.list
metastore.migrations.start

metastore.operations.*

metastore.operations.cancel
metastore.operations.delete
metastore.operations.get
metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.setIamPolicy

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Metastore Editor

(roles/metastore.editor)

Read and write access to all Dataproc Metastore resources.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.federations.create

metastore.federations.delete

metastore.federations.get

metastore.federations.list

metastore.federations.update

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.migrations.*

metastore.migrations.cancel
metastore.migrations.complete
metastore.migrations.delete
metastore.migrations.get
metastore.migrations.list
metastore.migrations.start

metastore.operations.*

metastore.operations.cancel
metastore.operations.delete
metastore.operations.get
metastore.operations.list

metastore.services.create

metastore.services.delete

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

metastore.services.update

resourcemanager.projects.get

resourcemanager.projects.list

Metastore Federation Accessor

(roles/metastore.federationAccessor)

Access to the Metastore Federation resource.

metastore.federations.use

Dataproc Metastore Metadata Editor

(roles/metastore.metadataEditor)

Access to read and modify the metadata of databases and tables under those databases.

metastore.databases.create

metastore.databases.delete

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.databases.update

metastore.services.get

metastore.services.use

metastore.tables.create

metastore.tables.delete

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

metastore.tables.update

Dataproc Metastore Metadata Mutate Admin

(roles/metastore.metadataMutateAdmin)

Access to mutate metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.mutateMetadata

Dataproc Metastore Metadata Operator

(roles/metastore.metadataOperator)

Read-only access to Dataproc Metastore resources with additional metadata operations permission.

metastore.backups.create

metastore.backups.delete

metastore.backups.get

metastore.backups.list

metastore.backups.use

metastore.imports.*

metastore.imports.create
metastore.imports.get
metastore.imports.list
metastore.imports.update

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.restore

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Metastore Data Owner

(roles/metastore.metadataOwner)

Full access to the metadata of databases and tables under those databases.

metastore.databases.*

metastore.databases.create
metastore.databases.delete
metastore.databases.get
metastore.databases.getIamPolicy
metastore.databases.list
metastore.databases.setIamPolicy
metastore.databases.update

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

metastore.services.use

metastore.tables.*

metastore.tables.create
metastore.tables.delete
metastore.tables.get
metastore.tables.getIamPolicy
metastore.tables.list
metastore.tables.setIamPolicy
metastore.tables.update

Dataproc Metastore Metadata Query Admin

(roles/metastore.metadataQueryAdmin)

Access to query metadata from a Dataproc Metastore service's underlying metadata store.

metastore.services.queryMetadata

Dataproc Metastore Metadata User

(roles/metastore.metadataUser)

Access to the Dataproc Metastore gRPC endpoint

metastore.databases.get

metastore.databases.list

metastore.services.get

metastore.services.use

Dataproc Metastore Metadata Viewer

(roles/metastore.metadataViewer)

Access to read the metadata of databases and tables under those databases

metastore.databases.get

metastore.databases.getIamPolicy

metastore.databases.list

metastore.services.get

metastore.services.use

metastore.tables.get

metastore.tables.getIamPolicy

metastore.tables.list

Dataproc Metastore Managed Migration Admin

(roles/metastore.migrationAdmin)

Access to Dataproc Metastore Managed Migration resources and workflow.

cloudsql.instances.connect

cloudsql.instances.get

cloudsql.instances.login

compute.autoscalers.create

compute.autoscalers.delete

compute.disks.create

compute.disks.delete

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.use

compute.instanceGroupManagers.create

compute.instanceGroupManagers.delete

compute.instanceGroupManagers.use

compute.instanceGroups.delete

compute.instanceGroups.use

compute.instanceTemplates.create

compute.instanceTemplates.delete

compute.instanceTemplates.get

compute.instanceTemplates.useReadOnly

compute.instances.create

compute.instances.delete

compute.instances.get

compute.instances.setMetadata

compute.machineTypes.list

compute.regionBackendServices.create

compute.regionBackendServices.delete

compute.regionBackendServices.use

compute.regionHealthChecks.create

compute.regionHealthChecks.delete

compute.regionHealthChecks.use

compute.regionHealthChecks.useReadOnly

compute.serviceAttachments.create

compute.serviceAttachments.delete

compute.subnetworks.get

compute.subnetworks.use

compute.zones.list

datastream.connectionProfiles.create

datastream.connectionProfiles.delete

datastream.objects.*

datastream.objects.get
datastream.objects.list
datastream.objects.startBackfillJob
datastream.objects.stopBackfillJob

datastream.operations.get

datastream.privateConnections.create

datastream.privateConnections.delete

datastream.streams.create

datastream.streams.delete

datastream.streams.get

datastream.streams.update

Dataproc Metastore Service Agent

(roles/metastore.serviceAgent)

Gives the Dataproc Metastore service account access to managed resources.

compute.addresses.createInternal

compute.addresses.deleteInternal

compute.addresses.get

compute.addresses.use

compute.forwardingRules.create

compute.forwardingRules.delete

compute.forwardingRules.get

compute.forwardingRules.pscCreate

compute.forwardingRules.pscDelete

compute.globalAddresses.createInternal

compute.globalAddresses.deleteInternal

compute.globalAddresses.get

compute.globalAddresses.list

compute.globalOperations.get

compute.globalOperations.list

compute.networks.addPeering

compute.networks.get

compute.networks.removePeering

compute.networks.updatePeering

compute.networks.use

compute.regionOperations.get

compute.subnetworks.get

compute.subnetworks.use

dns.changes.create

dns.changes.get

dns.managedZones.create

dns.managedZones.delete

dns.managedZones.get

dns.managedZones.list

dns.networks.bindPrivateDNSZone

dns.networks.targetWithPeeringZone

dns.resourceRecordSets.*

dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

metastore.databases.get

metastore.databases.setIamPolicy

metastore.databases.update

metastore.federations.use

metastore.services.get

metastore.tables.get

metastore.tables.setIamPolicy

metastore.tables.update

servicedirectory.namespaces.create

servicedirectory.namespaces.delete

servicedirectory.services.create

servicedirectory.services.delete

storage.buckets.create

storage.buckets.delete

storage.buckets.get

storage.buckets.update

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

storage.objects.update

Dataproc Metastore Viewer

(roles/metastore.user)

Read-only access to all Dataproc Metastore resources.

metastore.backups.get

metastore.backups.list

metastore.federations.get

metastore.federations.getIamPolicy

metastore.federations.list

metastore.imports.get

metastore.imports.list

metastore.locations.*

metastore.locations.get
metastore.locations.list

metastore.operations.get

metastore.operations.list

metastore.services.export

metastore.services.get

metastore.services.getIamPolicy

metastore.services.list

resourcemanager.projects.get

resourcemanager.projects.list

Dataproc Metastore permissions

Permission	Included in roles
`metastore.backups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.backups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.backups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.backups.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`)
`metastore.backups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.backups.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Dataproc Metastore Admin (`roles/metastore.admin`)
`metastore.backups.use`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.databases.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`)
`metastore.databases.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`)
`metastore.databases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.databases.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`)
`metastore.databases.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`)
`metastore.databases.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.databases.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.federations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.federations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.federations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.federations.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.federations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.federations.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Dataproc Metastore Admin (`roles/metastore.admin`)
`metastore.federations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.federations.use`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Metastore Federation Accessor (`roles/metastore.federationAccessor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.imports.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.imports.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.imports.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.imports.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.locations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.locations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.migrations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.migrations.complete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.migrations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.migrations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.migrations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.migrations.start`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.services.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.services.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.services.export`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.services.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`) Dataproc Metastore Viewer (`roles/metastore.user`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Service Agent (`roles/dataproc.serviceAgent`) Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`) Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`metastore.services.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.services.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Viewer (`roles/metastore.user`)
`metastore.services.mutateMetadata`	Owner (`roles/owner`) Dataproc Metastore Metadata Mutate Admin (`roles/metastore.metadataMutateAdmin`)
`metastore.services.queryMetadata`	Owner (`roles/owner`) Dataproc Metastore Metadata Query Admin (`roles/metastore.metadataQueryAdmin`)
`metastore.services.restore`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`) Dataproc Metastore Metadata Operator (`roles/metastore.metadataOperator`)
`metastore.services.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Dataproc Metastore Admin (`roles/metastore.admin`)
`metastore.services.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Admin (`roles/metastore.admin`) Dataproc Metastore Editor (`roles/metastore.editor`)
`metastore.services.use`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata User (`roles/metastore.metadataUser`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`)
`metastore.tables.create`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`)
`metastore.tables.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`)
`metastore.tables.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.tables.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`)
`metastore.tables.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Dataproc Metastore Metadata Viewer (`roles/metastore.metadataViewer`)
`metastore.tables.setIamPolicy`	Owner (`roles/owner`) Security Admin (`roles/iam.securityAdmin`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)
`metastore.tables.update`	Owner (`roles/owner`) Editor (`roles/editor`) Dataproc Metastore Metadata Editor (`roles/metastore.metadataEditor`) Dataproc Metastore Data Owner (`roles/metastore.metadataOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Dataproc Metastore Service Agent (`roles/metastore.serviceAgent`)

Dataproc Metastore roles and permissions Stay organized with collections Save and categorize content based on your preferences.