| roles/datacatalog.migrationConfigAdmin |
Full access to Migration Config |
DataCatalog Migration Config Admin |
['datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.tagTemplateViewer |
Read access to templates and tags created using the templates |
Data Catalog TagTemplate Viewer |
['datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.searchAdmin |
Can search all metadata for a project/org in DataCatalog |
DataCatalog Search Admin |
['datacatalog.catalogs.searchAll', 'dataplex.projects.search', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
DEPRECATED |
| roles/datacatalog.viewer |
Grants metadata read permissions to cataloged GCP assets (BigQuery, Pub/Sub etc) |
Data Catalog Viewer |
['bigquery.connections.get', 'bigquery.datasets.get', 'bigquery.models.getMetadata', 'bigquery.routines.get', 'bigquery.tables.get', 'datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.list', 'datacatalog.migrationConfig.get', 'datacatalog.operations.list', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryLinks.get', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.list', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.projects.search', 'pubsub.topics.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.entryViewer |
Read access to entries |
DataCatalog Entry Viewer |
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entryGroups.get', 'datacatalog.migrationConfig.get', 'datacatalog.relationships.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.admin |
Full access to all DataCatalog resources |
Data Catalog Admin |
['bigquery.connections.get', 'bigquery.connections.updateTag', 'bigquery.datasets.get', 'bigquery.datasets.updateTag', 'bigquery.models.getMetadata', 'bigquery.models.updateTag', 'bigquery.routines.get', 'bigquery.routines.updateTag', 'bigquery.tables.get', 'bigquery.tables.updateTag', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'datacatalog.migrationConfig.get', 'datacatalog.migrationConfig.set', 'datacatalog.operations.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'datacatalog.taxonomies.update', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.glossaries.create', 'dataplex.glossaries.delete', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.import', 'dataplex.glossaries.list', 'dataplex.glossaries.setIamPolicy', 'dataplex.glossaries.update', 'dataplex.glossaryCategories.create', 'dataplex.glossaryCategories.delete', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryCategories.update', 'dataplex.glossaryTerms.create', 'dataplex.glossaryTerms.delete', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.glossaryTerms.update', 'dataplex.glossaryTerms.use', 'dataplex.operations.get', 'dataplex.projects.search', 'pubsub.topics.get', 'pubsub.topics.updateTag', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.glossaryOwner |
Full access to glossaries |
DataCatalog Glossary Owner |
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'dataplex.projects.search'] |
|
BETA |
| roles/datacatalog.tagTemplateOwner |
Full access to tag templates |
Data Catalog TagTemplate Owner |
['datacatalog.migrationConfig.get', 'datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.delete', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getIamPolicy', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.setIamPolicy', 'datacatalog.tagTemplates.update', 'datacatalog.tagTemplates.use', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.categoryFineGrainedReader |
Read access to sub-resources tagged by a policy tag, for example, BigQuery columns |
Fine-Grained Reader |
['datacatalog.categories.fineGrainedGet'] |
|
GA |
| roles/datacatalog.dataSteward |
Can update overview and data steward fields |
DataCatalog Data Steward |
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateOverview', 'datacatalog.entryGroups.get', 'datacatalog.migrationConfig.get', 'datacatalog.relationships.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
BETA |
| roles/datacatalog.tagTemplateCreator |
Access to create new tag templates |
Data Catalog TagTemplate Creator |
['datacatalog.tagTemplates.create', 'datacatalog.tagTemplates.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.get', 'dataplex.projects.search'] |
|
GA |
| roles/datacatalog.categoryAdmin |
Manage taxonomies |
Policy Tag Admin |
['datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.getIamPolicy', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.setIamPolicy', 'datacatalog.taxonomies.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.glossaryUser |
Can view glossaries and associate terms to entries |
DataCatalog Glossary User |
['datacatalog.entries.get', 'datacatalog.entries.list', 'datacatalog.relationships.create', 'datacatalog.relationships.createBelongsTo', 'datacatalog.relationships.createIsDescribedBy', 'datacatalog.relationships.createIsRelatedTo', 'datacatalog.relationships.createIsSynonymousTo', 'datacatalog.relationships.delete', 'datacatalog.relationships.deleteBelongsTo', 'datacatalog.relationships.deleteIsDescribedBy', 'datacatalog.relationships.deleteIsRelatedTo', 'datacatalog.relationships.deleteIsSynonymousTo', 'datacatalog.relationships.list', 'dataplex.projects.search'] |
|
BETA |
| roles/datacatalog.tagTemplateUser |
Access to use templates to tag resources |
Data Catalog TagTemplate User |
['datacatalog.migrationConfig.get', 'datacatalog.tagTemplates.get', 'datacatalog.tagTemplates.getTag', 'datacatalog.tagTemplates.use', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.entryGroupOwner |
Full access to entryGroups |
DataCatalog EntryGroup Owner |
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.create', 'datacatalog.entryGroups.delete', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.getIamPolicy', 'datacatalog.entryGroups.list', 'datacatalog.entryGroups.setIamPolicy', 'datacatalog.entryGroups.update', 'datacatalog.entryGroups.updateTag', 'datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.entryOwner |
Full access to entries |
DataCatalog Entry Owner |
['datacatalog.entries.create', 'datacatalog.entries.createGlossary', 'datacatalog.entries.createGlossaryCategory', 'datacatalog.entries.createGlossaryTerm', 'datacatalog.entries.delete', 'datacatalog.entries.deleteGlossary', 'datacatalog.entries.deleteGlossaryCategory', 'datacatalog.entries.deleteGlossaryTerm', 'datacatalog.entries.get', 'datacatalog.entries.getIamPolicy', 'datacatalog.entries.list', 'datacatalog.entries.setIamPolicy', 'datacatalog.entries.update', 'datacatalog.entries.updateContacts', 'datacatalog.entries.updateGlossary', 'datacatalog.entries.updateGlossaryCategory', 'datacatalog.entries.updateGlossaryTerm', 'datacatalog.entries.updateOverview', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.get', 'datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.get', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.entryGroupCreator |
Can create new entryGroups |
DataCatalog EntryGroup Creator |
['datacatalog.entryGroups.create', 'datacatalog.entryGroups.get', 'datacatalog.entryGroups.list', 'dataplex.entryGroups.create', 'dataplex.entryGroups.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/datacatalog.tagEditor |
Gives permission to modify tags on a GCP assets (BigQuery, Pub/Sub etc). |
Data Catalog Tag Editor |
['bigquery.connections.updateTag', 'bigquery.datasets.updateTag', 'bigquery.models.updateTag', 'bigquery.routines.updateTag', 'bigquery.tables.updateTag', 'datacatalog.entries.updateTag', 'datacatalog.entryGroups.updateTag', 'dataplex.entries.update', 'pubsub.topics.updateTag'] |
|
GA |