roles/dataplex.storageDataWriter
Write access to data. Should not be used directly. This role is granted by Dataplex Universal Catalog to managed resources like Cloud Storage buckets, BigQuery datasets etc.
Dataplex Storage Data Writer
['bigquery.tables.updateData', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.update']
Copy Permissions
GA
roles/dataplex.encryptionAdmin
Gives user permissions to manage encryption configurations.
Dataplex Encryption Admin
['dataplex.encryptionConfig.create', 'dataplex.encryptionConfig.delete', 'dataplex.encryptionConfig.get', 'dataplex.encryptionConfig.list', 'dataplex.encryptionConfig.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions
GA
roles/dataplex.aspectTypeUser
Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.
Dataplex Aspect Type User
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.metadataJobOwner
Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.
Dataplex Metadata Job Owner
['dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.editor
Write access to Dataplex Universal Catalog resources, except for catalog resources like entries, entry groups, and glossaries.
Dataplex Editor
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.update', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.update', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.update']
Copy Permissions
GA
roles/dataplex.dataScanAdmin
Full access to DataScan resources.
Dataplex DataScan Administrator
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions
GA
roles/dataplex.dataScanViewer
Read access to DataScan resources, excluding the results.
Dataplex DataScan Viewer
['dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions
GA
roles/dataplex.metadataJobViewer
Read access to Metadata Job resources.
Dataplex Metadata Job Viewer
['dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.discoveryServiceAgent
Gives the Dataplex Discovery Service Agent bucket read permissions.
Dataplex Discovery Service Agent
['storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/dataplex.storageDataReader
Read only access to data. Should not be used directly. This role is granted by Dataplex Universal Catalog to managed resources like Cloud Storage buckets, BigQuery datasets etc.
Dataplex Storage Data Reader
['bigquery.datasets.get', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/dataplex.bindingAdmin
Full access on DataAttribute Binding resources.
Dataplex Binding Administrator
['dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update']
Copy Permissions
GA
roles/dataplex.entryGroupExporter
Grants access to export this entry group for Metadata Job processing.
Dataplex Entry Group Exporter
['dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.viewer
Read access to Dataplex Universal Catalog resources, except for catalog resources like entries, entry groups, and glossaries.
Dataplex Viewer
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.lakeActions.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.zoneActions.list', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list']
Copy Permissions
GA
roles/dataplex.entryTypeUser
Grants access to use Entry Types to create/modify Entries of those types.
Dataplex Entry Type User
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.dataScanEditor
Write access to DataScan resources.
Dataplex DataScan Editor
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions
GA
roles/dataplex.entryGroupImporter
Grants access to import this entry group for Metadata Job processing.
Dataplex Entry Group Importer
['dataplex.entryGroups.get', 'dataplex.entryGroups.import', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.dataScanDataViewer
Read access to DataScan resources, including the results.
Dataplex DataScan DataViewer
['dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions
GA
roles/dataplex.metadataReader
Read only access to metadata within table and fileset entities and partitions.
Dataplex Metadata Reader
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.discoveryBigLakePublishingServiceAgent
Gives the Dataplex Discovery Service Agent permissions to use bigquery connection.
Dataplex Discovery BigLake Publishing Service Agent
['bigquery.connections.delegate', 'bigquery.connections.use']
Copy Permissions
GA
roles/dataplex.taxonomyViewer
Read access on DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Viewer
['dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list']
Copy Permissions
GA
roles/dataplex.dataScanCreator
Access to create new DataScan resources.
Dataplex DataScan Creator
['dataplex.datascans.create', 'dataplex.datascans.get', 'dataplex.datascans.list', 'dataplex.operations.get']
Copy Permissions
GA
roles/dataplex.storageDataOwner
Owner access to data. Should not be used directly. This role is granted by Dataplex Universal Catalog to managed resources like Cloud Storage buckets, BigQuery datasets etc.
Dataplex Storage Data Owner
['bigquery.datasets.get', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/dataplex.serviceAgent
Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.
Cloud Dataplex Service Agent
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.objectRefs.read', 'bigquery.objectRefs.write', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservationGroups.create', 'bigquery.reservationGroups.delete', 'bigquery.reservationGroups.get', 'bigquery.reservationGroups.list', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.listFailoverDatasets', 'bigquery.reservations.update', 'bigquery.reservations.use', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.get', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateIndex', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.get', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.update', 'dataform.commentThreads.create', 'dataform.commentThreads.delete', 'dataform.commentThreads.get', 'dataform.commentThreads.list', 'dataform.commentThreads.update', 'dataform.comments.create', 'dataform.comments.delete', 'dataform.comments.get', 'dataform.comments.list', 'dataform.comments.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.assets.getIamPolicy', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.projects.search', 'dataplex.zones.getIamPolicy', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.get', 'dataproc.operations.cancel', 'dataproc.operations.get', 'dataproc.operations.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'logging.logEntries.create', 'logging.logEntries.route', 'metastore.services.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getIpFilter', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.relocate', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.setIpFilter', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.intelligenceConfigs.get', 'storage.intelligenceConfigs.update', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.move', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update', 'telemetry.metrics.write']
Copy Permissions
GA
roles/dataplex.entryGroupOwner
Owns Entry Groups and Entries inside of them.
Dataplex Entry Group Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.discoveryPublishingServiceAgent
Gives the Dataplex Discovery Service Agent dataset create and get permissions.
Dataplex Discovery Publishing Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get']
Copy Permissions
GA
roles/dataplex.aspectTypeOwner
Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.
Dataplex Aspect Type Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.dataOwner
Owner access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
Dataplex Data Owner
['dataplex.assets.ownData', 'dataplex.assets.readData', 'dataplex.assets.writeData']
Copy Permissions
GA
roles/dataplex.catalogAdmin
Full access to catalog resources, including entries, entry groups, and glossaries.
Dataplex Catalog Admin
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.glossaries.create', 'dataplex.glossaries.delete', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.import', 'dataplex.glossaries.list', 'dataplex.glossaries.setIamPolicy', 'dataplex.glossaries.update', 'dataplex.glossaryCategories.create', 'dataplex.glossaryCategories.delete', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryCategories.update', 'dataplex.glossaryTerms.create', 'dataplex.glossaryTerms.delete', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.glossaryTerms.update', 'dataplex.glossaryTerms.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.catalogViewer
Read access to catalog resources, including entries, entry groups, and glossaries. Can view IAM policies on catalog resources.
Dataplex Catalog Viewer
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryLinks.get', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.list', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.entryOwner
Owns Metadata Entries and EntryLinks.
Dataplex Entry and EntryLink Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.get', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.admin
Full access to Dataplex Universal Catalog resources, except for catalog resources like entries and entry groups.
Dataplex Administrator
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.setIamPolicy', 'dataplex.assets.update', 'dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.entries.link', 'dataplex.entryGroups.export', 'dataplex.entryGroups.import', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryLinks.reference', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.setIamPolicy', 'dataplex.environments.update', 'dataplex.glossaries.create', 'dataplex.glossaries.delete', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.import', 'dataplex.glossaries.list', 'dataplex.glossaries.setIamPolicy', 'dataplex.glossaries.update', 'dataplex.glossaryCategories.create', 'dataplex.glossaryCategories.delete', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryCategories.update', 'dataplex.glossaryTerms.create', 'dataplex.glossaryTerms.delete', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.glossaryTerms.update', 'dataplex.glossaryTerms.use', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.setIamPolicy', 'dataplex.lakes.update', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.setIamPolicy', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.setIamPolicy', 'dataplex.zones.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.developer
Allows running data analytics workloads in a lake.
Dataplex Developer
['dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update']
Copy Permissions
GA
roles/dataplex.dataWriter
Write access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
Dataplex Data Writer
['dataplex.assets.writeData']
Copy Permissions
GA
roles/dataplex.dataReader
Read only access to data. To be granted to Dataplex Universal Catalog resources Lake, Zone or Asset only.
Dataplex Data Reader
['dataplex.assets.readData']
Copy Permissions
GA
roles/dataplex.catalogEditor
Write access to catalog resources, including entries, entry groups, and glossaries. Cannot set IAM policies on resources.
Dataplex Catalog Editor
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.getData', 'dataplex.entries.link', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useDataQualityScorecardAspect', 'dataplex.entryGroups.useDefinitionEntryLink', 'dataplex.entryGroups.useDescriptionsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useQueriesAspect', 'dataplex.entryGroups.useRelatedEntryLink', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryGroups.useSynonymEntryLink', 'dataplex.entryLinks.create', 'dataplex.entryLinks.delete', 'dataplex.entryLinks.get', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.glossaries.create', 'dataplex.glossaries.delete', 'dataplex.glossaries.get', 'dataplex.glossaries.getIamPolicy', 'dataplex.glossaries.list', 'dataplex.glossaries.update', 'dataplex.glossaryCategories.create', 'dataplex.glossaryCategories.delete', 'dataplex.glossaryCategories.get', 'dataplex.glossaryCategories.list', 'dataplex.glossaryCategories.update', 'dataplex.glossaryTerms.create', 'dataplex.glossaryTerms.delete', 'dataplex.glossaryTerms.get', 'dataplex.glossaryTerms.list', 'dataplex.glossaryTerms.update', 'dataplex.glossaryTerms.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.entryTypeOwner
Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.
Dataplex Entry Type Owner
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.operations.get', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.securityAdmin
Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.
Dataplex Security Administrator
['dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess']
Copy Permissions
GA
roles/dataplex.metadataWriter
Write and read access to metadata within table and fileset entities and partitions.
Dataplex Metadata Writer
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.taxonomyAdmin
Full access to DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Administrator
['dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update']
Copy Permissions
GA