| roles/metastore.admin |
Full access to all Dataproc Metastore resources. |
Dataproc Metastore Admin |
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.getIamPolicy', 'metastore.backups.list', 'metastore.backups.setIamPolicy', 'metastore.backups.use', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.federations.setIamPolicy', 'metastore.federations.update', 'metastore.federations.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'metastore.services.setIamPolicy', 'metastore.services.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/metastore.editor |
Read and write access to all Dataproc Metastore resources. |
Dataproc Metastore Editor |
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.list', 'metastore.backups.use', 'metastore.federations.create', 'metastore.federations.delete', 'metastore.federations.get', 'metastore.federations.list', 'metastore.federations.update', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.migrations.cancel', 'metastore.migrations.complete', 'metastore.migrations.delete', 'metastore.migrations.get', 'metastore.migrations.list', 'metastore.migrations.start', 'metastore.operations.cancel', 'metastore.operations.delete', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.create', 'metastore.services.delete', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'metastore.services.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/metastore.metadataEditor |
Access to read and modify the metadata of databases and tables under those databases. |
Dataproc Metastore Metadata Editor |
['metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.update', 'metastore.services.get', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.update'] |
|
GA |
| roles/metastore.user |
Read-only access to all Dataproc Metastore resources. |
Dataproc Metastore Viewer |
['metastore.backups.get', 'metastore.backups.list', 'metastore.federations.get', 'metastore.federations.getIamPolicy', 'metastore.federations.list', 'metastore.imports.get', 'metastore.imports.list', 'metastore.locations.get', 'metastore.locations.list', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/metastore.metadataOperator |
Read-only access to Dataproc Metastore resources with additional metadata operations permission. |
Dataproc Metastore Metadata Operator |
['metastore.backups.create', 'metastore.backups.delete', 'metastore.backups.get', 'metastore.backups.list', 'metastore.backups.use', 'metastore.imports.create', 'metastore.imports.get', 'metastore.imports.list', 'metastore.imports.update', 'metastore.locations.get', 'metastore.locations.list', 'metastore.operations.get', 'metastore.operations.list', 'metastore.services.export', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.restore', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
| roles/metastore.metadataOwner |
Full access to the metadata of databases and tables under those databases. |
Dataproc Metastore Data Owner |
['metastore.databases.create', 'metastore.databases.delete', 'metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.databases.setIamPolicy', 'metastore.databases.update', 'metastore.services.get', 'metastore.services.getIamPolicy', 'metastore.services.list', 'metastore.services.use', 'metastore.tables.create', 'metastore.tables.delete', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list', 'metastore.tables.setIamPolicy', 'metastore.tables.update'] |
|
GA |
| roles/metastore.metadataQueryAdmin |
Access to query metadata from a Dataproc Metastore service's underlying metadata store. |
Dataproc Metastore Metadata Query Admin |
['metastore.services.queryMetadata'] |
|
GA |
| roles/metastore.metadataUser |
Access to the Dataproc Metastore gRPC endpoint |
Dataproc Metastore Metadata User |
['metastore.databases.get', 'metastore.databases.list', 'metastore.services.get', 'metastore.services.use'] |
|
GA |
| roles/metastore.serviceAgent |
Gives the Dataproc Metastore service account access to managed resources. |
Dataproc Metastore Service Agent |
['compute.addresses.createInternal', 'compute.addresses.deleteInternal', 'compute.addresses.get', 'compute.addresses.use', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.get', 'compute.forwardingRules.pscCreate', 'compute.forwardingRules.pscDelete', 'compute.globalAddresses.createInternal', 'compute.globalAddresses.deleteInternal', 'compute.globalAddresses.get', 'compute.globalAddresses.list', 'compute.globalOperations.get', 'compute.globalOperations.list', 'compute.networks.addPeering', 'compute.networks.get', 'compute.networks.removePeering', 'compute.networks.updatePeering', 'compute.networks.use', 'compute.regionOperations.get', 'compute.subnetworks.get', 'compute.subnetworks.use', 'dns.changes.create', 'dns.changes.get', 'dns.managedZones.create', 'dns.managedZones.delete', 'dns.managedZones.get', 'dns.managedZones.list', 'dns.networks.bindPrivateDNSZone', 'dns.networks.targetWithPeeringZone', 'dns.resourceRecordSets.create', 'dns.resourceRecordSets.delete', 'dns.resourceRecordSets.get', 'dns.resourceRecordSets.list', 'dns.resourceRecordSets.update', 'metastore.databases.get', 'metastore.databases.setIamPolicy', 'metastore.databases.update', 'metastore.federations.use', 'metastore.services.get', 'metastore.tables.get', 'metastore.tables.setIamPolicy', 'metastore.tables.update', 'servicedirectory.namespaces.create', 'servicedirectory.namespaces.delete', 'servicedirectory.services.create', 'servicedirectory.services.delete', 'storage.buckets.create', 'storage.buckets.delete', 'storage.buckets.get', 'storage.buckets.update', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get', 'storage.objects.list', 'storage.objects.update'] |
|
GA |
| roles/metastore.migrationAdmin |
Access to Dataproc Metastore Managed Migration resources and workflow. |
Dataproc Metastore Managed Migration Admin |
['cloudsql.instances.connect', 'cloudsql.instances.get', 'cloudsql.instances.login', 'compute.autoscalers.create', 'compute.autoscalers.delete', 'compute.disks.create', 'compute.disks.delete', 'compute.forwardingRules.create', 'compute.forwardingRules.delete', 'compute.forwardingRules.use', 'compute.instanceGroupManagers.create', 'compute.instanceGroupManagers.delete', 'compute.instanceGroupManagers.use', 'compute.instanceGroups.delete', 'compute.instanceGroups.use', 'compute.instanceTemplates.create', 'compute.instanceTemplates.delete', 'compute.instanceTemplates.get', 'compute.instanceTemplates.useReadOnly', 'compute.instances.create', 'compute.instances.delete', 'compute.instances.get', 'compute.instances.setMetadata', 'compute.machineTypes.list', 'compute.regionBackendServices.create', 'compute.regionBackendServices.delete', 'compute.regionBackendServices.use', 'compute.regionHealthChecks.create', 'compute.regionHealthChecks.delete', 'compute.regionHealthChecks.use', 'compute.regionHealthChecks.useReadOnly', 'compute.serviceAttachments.create', 'compute.serviceAttachments.delete', 'compute.subnetworks.get', 'compute.subnetworks.use', 'compute.zones.list', 'datastream.connectionProfiles.create', 'datastream.connectionProfiles.delete', 'datastream.objects.get', 'datastream.objects.list', 'datastream.objects.startBackfillJob', 'datastream.objects.stopBackfillJob', 'datastream.operations.get', 'datastream.privateConnections.create', 'datastream.privateConnections.delete', 'datastream.streams.create', 'datastream.streams.delete', 'datastream.streams.get', 'datastream.streams.update'] |
|
GA |
| roles/metastore.metadataViewer |
Access to read the metadata of databases and tables under those databases |
Dataproc Metastore Metadata Viewer |
['metastore.databases.get', 'metastore.databases.getIamPolicy', 'metastore.databases.list', 'metastore.services.get', 'metastore.services.use', 'metastore.tables.get', 'metastore.tables.getIamPolicy', 'metastore.tables.list'] |
|
GA |
| roles/metastore.metadataMutateAdmin |
Access to mutate metadata from a Dataproc Metastore service's underlying metadata store. |
Dataproc Metastore Metadata Mutate Admin |
['metastore.services.mutateMetadata'] |
|
GA |
| roles/metastore.federationAccessor |
Access to the Metastore Federation resource. |
Metastore Federation Accessor |
['metastore.federations.use'] |
|
GA |