Bigquery Updating Metadata but Disabled Create/Delete/Alter Tables
What roles should be properly assigned to a group/service account if we would like to be able to update table descriptions in a centralized dataset and other labels for Data Catalog?
We currently have this but this only allows the users to update tables that they have created. Not the centralized tables.
roles/datacatalog.tagEditor
roles/datacatalog.entryViewer
roles/datacatalog.tagTemplateCreator
roles/datacatalog.tagTemplateUser
I understand the role roles/bigquery.dataEditor will be able to cover this but we want users to only update existing table metadata but not allowed to delete or alter it.
To be able to specifically update the metadata only you need to create a custom role. To do this you can follow the steps below:
Open your Google Cloud console
Select "IAM & Admin" -> Roles
Click "+ Create Role"
Edit "Title" to provide a descriptive role title. I used "Custom BigQuery metadata update"
Click "+ Add Permissions"
At the filter bar, put bigquery.tables.update and click "ADD"
- Permission bigquery.tables.update allows you to update the TABLE METADATA ONLY. See permission list for reference.
- Permission bigquery.tables.update allows you to update the TABLE METADATA ONLY. See permission list for reference.
Click "Create"
Once done, the created custom role that contains only bigquery.tables.update should be searchable when assigning roles in IAM.
- How to fix CloudRun error 'The request was aborted because there was no available instance'
- Google Cloud Datastore Authentication on Windows 10
- Google Artifact Registry: Unable to publish package with the same version even after package deletion
- How to fix an apparently expired refresh token?
- Firebase phone auth returns: An internal error has occurred. [ Error code:39 ]
- Google Cloud Platform credentials page not loading
- How can I access users GA4 data using service account without adding service email as a user
- Google VM RAM for Minecraft Server
- Can or How to use Python asyncio on Google Cloud Functions?
- Cannot SSH into the GCP VM instances that used to work
- Integration between Jenkins and GCP service account, 403 forbidden
- How can I see request count (not rate) for a Google Cloud Run application?
- When the Cloudsql restarted, all the Cloudrun service stops working
- pgAudit not logging anything in GCP Cloud SQL
- Vertex AI feature store vs BigQuery
- Deployment to App Engine fails only when triggered from GitHub Actions
- Authenticate to Google Language API using API Key for REST based web app
- External test access to an unpublished Editor Addon in Google Workspace Marketplace
- Is it possible to pull regional secrets from GCP into Cloud Build config file?
- set log severity on google cloud without using google-cloud-logging library
- Deploy new container revision to Cloud Run without changing Terraform
- Google Service account authentication for API call using python
- Make requests to Google API with Python
- How do I run a single, one time run file in cloudrun, I do not care about web at all
- GCP Committed Usage Discount(CUD) Utilization REST API
- How to efficiently query BigQuery external table (Bigtable) using keys from a smaller table
- Grant access on BigQuery based on table prefix
- Artifact Registry Cleanup Policies not being enforced
- Default GCP IAM roles from Firebase
- How to Generate a Signed URL for storage bucket in Terraform without providing credentials