roles/dataplex.storageDataWriter
Write access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Writer
['bigquery.tables.updateData', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.update']
Copy Permissions
GA
roles/dataplex.aspectTypeUser
Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.
Dataplex Aspect Type User
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.metadataJobOwner
Grants access to creating and managing Metadata Jobs. Does not give the right to create/modify Entry Groups.
Dataplex Metadata Job Owner
['dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/dataplex.editor
Write access to Dataplex resources.
Dataplex Editor
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.update', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.update', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.update']
Copy Permissions
GA
roles/dataplex.dataScanAdmin
Full access to DataScan resources.
Dataplex DataScan Administrator
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions
GA
roles/dataplex.dataScanViewer
Read access to DataScan resources.
Dataplex DataScan Viewer
['dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions
GA
roles/dataplex.metadataJobViewer
Read access to Metadata Job resources.
Dataplex Metadata Job Viewer
['dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/dataplex.discoveryServiceAgent
Gives the Dataplex Discovery Service Agent bucket read permissions.
Dataplex Discovery Service Agent
['storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
ALPHA
roles/dataplex.storageDataReader
Read only access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Reader
['bigquery.datasets.get', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'storage.buckets.get', 'storage.objects.get', 'storage.objects.list']
Copy Permissions
GA
roles/dataplex.bindingAdmin
Full access on DataAttribute Bindig resources.
Dataplex Binding Administrator
['dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update']
Copy Permissions
GA
roles/dataplex.entryGroupExporter
Grants access to export this entry group for Metadata Job processing.
Dataplex Entry Group Exporter
['dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/dataplex.viewer
Read access to Dataplex resources.
Dataplex Viewer
['cloudasset.assets.analyzeIamPolicy', 'dataplex.assetActions.list', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.datascans.get', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.lakeActions.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.zoneActions.list', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list']
Copy Permissions
GA
roles/dataplex.entryTypeUser
Grants access to use Entry Types to create/modify Entries of those types.
Dataplex Entry Type User
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.dataScanEditor
Write access to DataScan resources.
Dataplex DataScan Editor
['dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.update', 'dataplex.operations.get', 'dataplex.operations.list']
Copy Permissions
GA
roles/dataplex.entryGroupImporter
Grants access to import this entry group for Metadata Job processing.
Dataplex Entry Group Importer
['dataplex.entryGroups.get', 'dataplex.entryGroups.import', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
BETA
roles/dataplex.dataScanDataViewer
Read access to DataScan resources and additional contents.
Dataplex DataScan DataViewer
['dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list']
Copy Permissions
GA
roles/dataplex.metadataReader
Read only access to metadata.
Dataplex Metadata Reader
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.discoveryBigLakePublishingServiceAgent
Gives the Dataplex Discovery Service Agent permissions to use bigquery connection.
Dataplex Discovery BigLake Publishing Service Agent
['bigquery.connections.delegate', 'bigquery.connections.use']
Copy Permissions
ALPHA
roles/dataplex.taxonomyViewer
Read access on DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Viewer
['dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list']
Copy Permissions
GA
roles/dataplex.dataScanCreator
Access to create new DataScan resources.
Dataplex DataScan Creator
['dataplex.datascans.create', 'dataplex.datascans.get', 'dataplex.datascans.list', 'dataplex.operations.get']
Copy Permissions
GA
roles/dataplex.storageDataOwner
Owner access to data. Should not be used directly. This role is granted by Dataplex to managed resources like GCS buckets, BigQuery datasets etc.
Dataplex Storage Data Owner
['bigquery.datasets.get', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.tables.create', 'bigquery.tables.createSnapshot', 'bigquery.tables.delete', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.list', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.update', 'bigquery.tables.updateData', 'storage.buckets.get', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update']
Copy Permissions
GA
roles/dataplex.serviceAgent
Gives the Dataplex service account access to project resources. This access will be used in data discovery, data management and data workload management.
Cloud Dataplex Service Agent
['bigquery.bireservations.get', 'bigquery.bireservations.update', 'bigquery.capacityCommitments.create', 'bigquery.capacityCommitments.delete', 'bigquery.capacityCommitments.get', 'bigquery.capacityCommitments.list', 'bigquery.capacityCommitments.update', 'bigquery.config.get', 'bigquery.config.update', 'bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.setIamPolicy', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.dataPolicies.create', 'bigquery.dataPolicies.delete', 'bigquery.dataPolicies.get', 'bigquery.dataPolicies.getIamPolicy', 'bigquery.dataPolicies.list', 'bigquery.dataPolicies.setIamPolicy', 'bigquery.dataPolicies.update', 'bigquery.datasets.create', 'bigquery.datasets.createTagBinding', 'bigquery.datasets.delete', 'bigquery.datasets.deleteTagBinding', 'bigquery.datasets.get', 'bigquery.datasets.getIamPolicy', 'bigquery.datasets.link', 'bigquery.datasets.listEffectiveTags', 'bigquery.datasets.listSharedDatasetUsage', 'bigquery.datasets.listTagBindings', 'bigquery.datasets.setIamPolicy', 'bigquery.datasets.update', 'bigquery.datasets.updateTag', 'bigquery.jobs.create', 'bigquery.jobs.delete', 'bigquery.jobs.get', 'bigquery.jobs.list', 'bigquery.jobs.listAll', 'bigquery.jobs.listExecutionMetadata', 'bigquery.jobs.update', 'bigquery.models.create', 'bigquery.models.delete', 'bigquery.models.export', 'bigquery.models.getData', 'bigquery.models.getMetadata', 'bigquery.models.list', 'bigquery.models.updateData', 'bigquery.models.updateMetadata', 'bigquery.models.updateTag', 'bigquery.readsessions.create', 'bigquery.readsessions.getData', 'bigquery.readsessions.update', 'bigquery.reservationAssignments.create', 'bigquery.reservationAssignments.delete', 'bigquery.reservationAssignments.list', 'bigquery.reservationAssignments.search', 'bigquery.reservations.create', 'bigquery.reservations.delete', 'bigquery.reservations.get', 'bigquery.reservations.list', 'bigquery.reservations.update', 'bigquery.routines.create', 'bigquery.routines.delete', 'bigquery.routines.get', 'bigquery.routines.list', 'bigquery.routines.update', 'bigquery.routines.updateTag', 'bigquery.rowAccessPolicies.create', 'bigquery.rowAccessPolicies.delete', 'bigquery.rowAccessPolicies.getIamPolicy', 'bigquery.rowAccessPolicies.list', 'bigquery.rowAccessPolicies.overrideTimeTravelRestrictions', 'bigquery.rowAccessPolicies.setIamPolicy', 'bigquery.rowAccessPolicies.update', 'bigquery.savedqueries.create', 'bigquery.savedqueries.delete', 'bigquery.savedqueries.get', 'bigquery.savedqueries.list', 'bigquery.savedqueries.update', 'bigquery.tables.create', 'bigquery.tables.createIndex', 'bigquery.tables.createSnapshot', 'bigquery.tables.createTagBinding', 'bigquery.tables.delete', 'bigquery.tables.deleteIndex', 'bigquery.tables.deleteSnapshot', 'bigquery.tables.deleteTagBinding', 'bigquery.tables.export', 'bigquery.tables.get', 'bigquery.tables.getData', 'bigquery.tables.getIamPolicy', 'bigquery.tables.list', 'bigquery.tables.listEffectiveTags', 'bigquery.tables.listTagBindings', 'bigquery.tables.replicateData', 'bigquery.tables.restoreSnapshot', 'bigquery.tables.setCategory', 'bigquery.tables.setColumnDataPolicy', 'bigquery.tables.setIamPolicy', 'bigquery.tables.update', 'bigquery.tables.updateData', 'bigquery.tables.updateTag', 'bigquery.transfers.get', 'bigquery.transfers.update', 'bigquerymigration.translation.translate', 'datacatalog.catalogs.searchAll', 'datacatalog.categories.getIamPolicy', 'datacatalog.categories.setIamPolicy', 'datacatalog.entries.get', 'datacatalog.taxonomies.create', 'datacatalog.taxonomies.delete', 'datacatalog.taxonomies.get', 'datacatalog.taxonomies.list', 'datacatalog.taxonomies.update', 'dataform.compilationResults.create', 'dataform.compilationResults.get', 'dataform.compilationResults.list', 'dataform.compilationResults.query', 'dataform.config.get', 'dataform.config.update', 'dataform.locations.get', 'dataform.locations.list', 'dataform.releaseConfigs.create', 'dataform.releaseConfigs.delete', 'dataform.releaseConfigs.get', 'dataform.releaseConfigs.list', 'dataform.releaseConfigs.update', 'dataform.repositories.commit', 'dataform.repositories.computeAccessTokenStatus', 'dataform.repositories.create', 'dataform.repositories.delete', 'dataform.repositories.fetchHistory', 'dataform.repositories.fetchRemoteBranches', 'dataform.repositories.get', 'dataform.repositories.getIamPolicy', 'dataform.repositories.list', 'dataform.repositories.queryDirectoryContents', 'dataform.repositories.readFile', 'dataform.repositories.setIamPolicy', 'dataform.repositories.update', 'dataform.workflowConfigs.create', 'dataform.workflowConfigs.delete', 'dataform.workflowConfigs.get', 'dataform.workflowConfigs.list', 'dataform.workflowConfigs.update', 'dataform.workflowInvocations.cancel', 'dataform.workflowInvocations.create', 'dataform.workflowInvocations.delete', 'dataform.workflowInvocations.get', 'dataform.workflowInvocations.list', 'dataform.workflowInvocations.query', 'dataform.workspaces.commit', 'dataform.workspaces.create', 'dataform.workspaces.delete', 'dataform.workspaces.fetchFileDiff', 'dataform.workspaces.fetchFileGitStatuses', 'dataform.workspaces.fetchGitAheadBehind', 'dataform.workspaces.get', 'dataform.workspaces.getIamPolicy', 'dataform.workspaces.installNpmPackages', 'dataform.workspaces.list', 'dataform.workspaces.makeDirectory', 'dataform.workspaces.moveDirectory', 'dataform.workspaces.moveFile', 'dataform.workspaces.pull', 'dataform.workspaces.push', 'dataform.workspaces.queryDirectoryContents', 'dataform.workspaces.readFile', 'dataform.workspaces.removeDirectory', 'dataform.workspaces.removeFile', 'dataform.workspaces.reset', 'dataform.workspaces.searchFiles', 'dataform.workspaces.setIamPolicy', 'dataform.workspaces.writeFile', 'dataplex.assets.getIamPolicy', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.projects.search', 'dataplex.zones.getIamPolicy', 'dataproc.batches.cancel', 'dataproc.batches.create', 'dataproc.batches.get', 'dataproc.operations.cancel', 'dataproc.operations.get', 'dataproc.operations.list', 'firebase.projects.get', 'iam.serviceAccounts.actAs', 'logging.logEntries.create', 'logging.logEntries.route', 'metastore.services.get', 'monitoring.metricDescriptors.create', 'monitoring.metricDescriptors.get', 'monitoring.metricDescriptors.list', 'monitoring.monitoredResourceDescriptors.get', 'monitoring.monitoredResourceDescriptors.list', 'monitoring.timeSeries.create', 'orgpolicy.policy.get', 'recommender.iamPolicyInsights.get', 'recommender.iamPolicyInsights.list', 'recommender.iamPolicyInsights.update', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'recommender.storageBucketSoftDeleteInsights.get', 'recommender.storageBucketSoftDeleteInsights.list', 'recommender.storageBucketSoftDeleteInsights.update', 'recommender.storageBucketSoftDeleteRecommendations.get', 'recommender.storageBucketSoftDeleteRecommendations.list', 'recommender.storageBucketSoftDeleteRecommendations.update', 'resourcemanager.hierarchyNodes.listEffectiveTags', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'servicemanagement.services.report', 'serviceusage.services.use', 'storage.anywhereCaches.create', 'storage.anywhereCaches.disable', 'storage.anywhereCaches.get', 'storage.anywhereCaches.list', 'storage.anywhereCaches.pause', 'storage.anywhereCaches.resume', 'storage.anywhereCaches.update', 'storage.bucketOperations.cancel', 'storage.bucketOperations.get', 'storage.bucketOperations.list', 'storage.buckets.create', 'storage.buckets.createTagBinding', 'storage.buckets.delete', 'storage.buckets.deleteTagBinding', 'storage.buckets.enableObjectRetention', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.getObjectInsights', 'storage.buckets.list', 'storage.buckets.listEffectiveTags', 'storage.buckets.listTagBindings', 'storage.buckets.restore', 'storage.buckets.setIamPolicy', 'storage.buckets.update', 'storage.folders.create', 'storage.folders.delete', 'storage.folders.get', 'storage.folders.list', 'storage.folders.rename', 'storage.managedFolders.create', 'storage.managedFolders.delete', 'storage.managedFolders.get', 'storage.managedFolders.getIamPolicy', 'storage.managedFolders.list', 'storage.managedFolders.setIamPolicy', 'storage.managementHubs.get', 'storage.managementHubs.update', 'storage.multipartUploads.abort', 'storage.multipartUploads.create', 'storage.multipartUploads.list', 'storage.multipartUploads.listParts', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.getIamPolicy', 'storage.objects.list', 'storage.objects.overrideUnlockedRetention', 'storage.objects.restore', 'storage.objects.setIamPolicy', 'storage.objects.setRetention', 'storage.objects.update']
Copy Permissions
GA
roles/dataplex.entryGroupOwner
Owns Entry Groups and Entries inside of them.
Dataplex Entry Group Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.discoveryPublishingServiceAgent
Gives the Dataplex Discovery Service Agent dataset create and get permissions.
Dataplex Discovery Publishing Service Agent
['bigquery.datasets.create', 'bigquery.datasets.get']
Copy Permissions
ALPHA
roles/dataplex.aspectTypeOwner
Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.
Dataplex Aspect Type Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.dataOwner
Owner access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Owner
['dataplex.assets.ownData', 'dataplex.assets.readData', 'dataplex.assets.writeData']
Copy Permissions
GA
roles/dataplex.catalogAdmin
Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.
Dataplex Catalog Admin
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.setIamPolicy', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.export', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.import', 'dataplex.entryGroups.list', 'dataplex.entryGroups.setIamPolicy', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.catalogViewer
Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.
Dataplex Catalog Viewer
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.entryOwner
Owns Metadata Entries.
Dataplex Entry Owner
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.get', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.get', 'dataplex.entryTypes.list', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.admin
Full access to Dataplex resources, except Dataplex Catalog.
Dataplex Administrator
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'dataplex.assetActions.list', 'dataplex.assets.create', 'dataplex.assets.delete', 'dataplex.assets.get', 'dataplex.assets.getIamPolicy', 'dataplex.assets.list', 'dataplex.assets.setIamPolicy', 'dataplex.assets.update', 'dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.dataAttributeBindings.create', 'dataplex.dataAttributeBindings.delete', 'dataplex.dataAttributeBindings.get', 'dataplex.dataAttributeBindings.getIamPolicy', 'dataplex.dataAttributeBindings.list', 'dataplex.dataAttributeBindings.setIamPolicy', 'dataplex.dataAttributeBindings.update', 'dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update', 'dataplex.datascans.create', 'dataplex.datascans.delete', 'dataplex.datascans.get', 'dataplex.datascans.getData', 'dataplex.datascans.getIamPolicy', 'dataplex.datascans.list', 'dataplex.datascans.run', 'dataplex.datascans.setIamPolicy', 'dataplex.datascans.update', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.entryGroups.export', 'dataplex.entryGroups.import', 'dataplex.environments.create', 'dataplex.environments.delete', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.getIamPolicy', 'dataplex.environments.list', 'dataplex.environments.setIamPolicy', 'dataplex.environments.update', 'dataplex.lakeActions.list', 'dataplex.lakes.create', 'dataplex.lakes.delete', 'dataplex.lakes.get', 'dataplex.lakes.getIamPolicy', 'dataplex.lakes.list', 'dataplex.lakes.setIamPolicy', 'dataplex.lakes.update', 'dataplex.locations.get', 'dataplex.locations.list', 'dataplex.metadataJobs.cancel', 'dataplex.metadataJobs.create', 'dataplex.metadataJobs.get', 'dataplex.metadataJobs.list', 'dataplex.operations.cancel', 'dataplex.operations.delete', 'dataplex.operations.get', 'dataplex.operations.list', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.getIamPolicy', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.setIamPolicy', 'dataplex.tasks.update', 'dataplex.zoneActions.list', 'dataplex.zones.create', 'dataplex.zones.delete', 'dataplex.zones.get', 'dataplex.zones.getIamPolicy', 'dataplex.zones.list', 'dataplex.zones.setIamPolicy', 'dataplex.zones.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.developer
Allows running data analytics workloads in a lake.
Dataplex Developer
['dataplex.content.create', 'dataplex.content.delete', 'dataplex.content.get', 'dataplex.content.getIamPolicy', 'dataplex.content.list', 'dataplex.content.setIamPolicy', 'dataplex.content.update', 'dataplex.environments.execute', 'dataplex.environments.get', 'dataplex.environments.list', 'dataplex.tasks.cancel', 'dataplex.tasks.create', 'dataplex.tasks.delete', 'dataplex.tasks.get', 'dataplex.tasks.list', 'dataplex.tasks.run', 'dataplex.tasks.update']
Copy Permissions
GA
roles/dataplex.dataWriter
Write access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Writer
['dataplex.assets.writeData']
Copy Permissions
GA
roles/dataplex.dataReader
Read only access to data. To be granted to Dataplex resources Lake, Zone or Asset only.
Dataplex Data Reader
['dataplex.assets.readData']
Copy Permissions
GA
roles/dataplex.catalogEditor
Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources
Dataplex Catalog Editor
['datacatalog.migrationConfig.get', 'dataplex.aspectTypes.create', 'dataplex.aspectTypes.delete', 'dataplex.aspectTypes.get', 'dataplex.aspectTypes.getIamPolicy', 'dataplex.aspectTypes.list', 'dataplex.aspectTypes.update', 'dataplex.aspectTypes.use', 'dataplex.entries.create', 'dataplex.entries.delete', 'dataplex.entries.get', 'dataplex.entries.list', 'dataplex.entries.update', 'dataplex.entryGroups.create', 'dataplex.entryGroups.delete', 'dataplex.entryGroups.get', 'dataplex.entryGroups.getIamPolicy', 'dataplex.entryGroups.list', 'dataplex.entryGroups.update', 'dataplex.entryGroups.useContactsAspect', 'dataplex.entryGroups.useGenericAspect', 'dataplex.entryGroups.useGenericEntry', 'dataplex.entryGroups.useOverviewAspect', 'dataplex.entryGroups.useSchemaAspect', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.entryTypeOwner
Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.
Dataplex Entry Type Owner
['datacatalog.migrationConfig.get', 'dataplex.entryTypes.create', 'dataplex.entryTypes.delete', 'dataplex.entryTypes.get', 'dataplex.entryTypes.getIamPolicy', 'dataplex.entryTypes.list', 'dataplex.entryTypes.setIamPolicy', 'dataplex.entryTypes.update', 'dataplex.entryTypes.use', 'dataplex.projects.search', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.securityAdmin
Permissions configure ResourceAccess and DataAccess Specs on Data Attributes.
Dataplex Security Administrator
['dataplex.dataTaxonomies.configureDataAccess', 'dataplex.dataTaxonomies.configureResourceAccess']
Copy Permissions
GA
roles/dataplex.metadataWriter
Write and Read access to metadata.
Dataplex Metadata Writer
['dataplex.assets.get', 'dataplex.assets.list', 'dataplex.entities.create', 'dataplex.entities.delete', 'dataplex.entities.get', 'dataplex.entities.list', 'dataplex.entities.update', 'dataplex.partitions.create', 'dataplex.partitions.delete', 'dataplex.partitions.get', 'dataplex.partitions.list', 'dataplex.partitions.update', 'dataplex.zones.get', 'dataplex.zones.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list']
Copy Permissions
GA
roles/dataplex.taxonomyAdmin
Full access to DataTaxonomy, DataAttribute resources.
Dataplex Taxonomy Administrator
['dataplex.dataAttributes.bind', 'dataplex.dataAttributes.create', 'dataplex.dataAttributes.delete', 'dataplex.dataAttributes.get', 'dataplex.dataAttributes.getIamPolicy', 'dataplex.dataAttributes.list', 'dataplex.dataAttributes.setIamPolicy', 'dataplex.dataAttributes.update', 'dataplex.dataTaxonomies.create', 'dataplex.dataTaxonomies.delete', 'dataplex.dataTaxonomies.get', 'dataplex.dataTaxonomies.getIamPolicy', 'dataplex.dataTaxonomies.list', 'dataplex.dataTaxonomies.setIamPolicy', 'dataplex.dataTaxonomies.update']
Copy Permissions
GA