Setting Up a Native BigQuery Connection

Highlights

  • Using the native driver requires permission changes for Accelerator on a particular data set
  • Users can still use the existing JDBC BigQuery Connections

Field Definitions

  • Project ID: Billable Project where Accelerator will process the Query
  • Target Data Set: Where Accelerator should create and destroy tables to store query results. Accelerator will need elevated permissions to access this
  • Bucket/Path: Location in which to store exported results. The temp table is exported here for use in extraction processing
  • Credentials: JSON blob for authentication to the Project and GCS Location. If empty, Accelerator will use the environment credentials
  • Location: Server location of the GCS bucket

Permissions and Roles in Google Cloud

Customers using Accelerator with BigQuery would need to ensure that the service account that Accelerator uses has the following permissions to the target dataset where Accelerator will store query results:

  • bigquery.datasets.get: Get metadata about a dataset.
  • bigquery.tables.create: Create new tables.
  • bigquery.tables.delete: Delete tables.
  • bigquery.tables.export: Export table data out of BigQuery.

The role roles/bigquery.dataEditor grants all of these permissions.

Accelerator would need these permissions to the source dataset where the customer's data is stored:

  • bigquery.tables.get: Get table metadata. To get table data, you need bigquery.tables.getData.
  • bigquery.tables.getData: Get table data. This permission is required for querying table data. To get table metadata, you need bigquery.tables.get.

The role roles/bigquery.dataViewer is the best match for the needed permissions.

Accelerator would need these permissions to the target GCS bucket where it will export the query results:

  • storage.objects.create: Add new objects to the bucket.
  • storage.objects.delete: Delete objects.
  • storage.objects.get: Read object data and metadata, excluding ACLs.
  • storage.objects.list: List objects in the bucket. Also read object metadata, excluding ACLs, when listing.

The role roles/storage.objectAdmin is the closest match to these permissions.
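
The predefined roles named in this section grant more than the permissions listed. As an added example (not part of the Accelerator documentation), the script below writes custom role definitions containing only the permissions this article lists and prints the gcloud commands that would create them, so they can be reviewed before anything is applied. The role IDs, file names and project ID are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege custom roles built from the permissions this
# article lists. Role IDs, file names and the project ID are assumptions.
TARGET_DATASET_PERMS="bigquery.datasets.get bigquery.tables.create bigquery.tables.delete bigquery.tables.export"
SOURCE_DATASET_PERMS="bigquery.tables.get bigquery.tables.getData"
BUCKET_PERMS="storage.objects.create storage.objects.delete storage.objects.get storage.objects.list"

# write_role_yaml TITLE "perm perm ..." OUTFILE
# Writes a role definition in the YAML layout `gcloud iam roles create --file` reads.
# Every entry must look like service.resource.verb; wildcards are refused.
write_role_yaml() {
  title=$1; perms=$2; out=$3
  for p in $perms; do
    case $p in
      *[!A-Za-z.]*) echo "rejected permission: $p" >&2; return 1 ;;
      ?*.?*.?*) ;;
      *) echo "rejected permission: $p" >&2; return 1 ;;
    esac
  done
  {
    printf 'title: "%s"\n' "$title"
    printf 'description: "Only the permissions listed for this resource"\n'
    printf 'stage: GA\n'
    printf 'includedPermissions:\n'
    for p in $perms; do printf '%s\n' "- $p"; done
  } > "$out"
}

# emit_roles DIR PROJECT_ID
# Writes the three definitions into DIR and prints (does not run) the create commands.
emit_roles() {
  dir=$1; project=$2
  mkdir -p "$dir" || return 1
  write_role_yaml "Accelerator target dataset" "$TARGET_DATASET_PERMS" "$dir/target_dataset.yaml" || return 1
  write_role_yaml "Accelerator source dataset" "$SOURCE_DATASET_PERMS" "$dir/source_dataset.yaml" || return 1
  write_role_yaml "Accelerator export bucket" "$BUCKET_PERMS" "$dir/bucket.yaml" || return 1
  for pair in acceleratorTargetDataset:target_dataset \
              acceleratorSourceDataset:source_dataset \
              acceleratorBucket:bucket; do
    printf 'gcloud iam roles create %s --project=%s --file=%s\n' \
      "${pair%%:*}" "$project" "$dir/${pair#*:}.yaml"
  done
}

# Usage: sh accelerator_roles.sh OUTPUT_DIR PROJECT_ID
if [ "$#" -ge 2 ]; then emit_roles "$1" "$2"; fi
```

Each custom role still has to be bound to the Accelerator service account on the matching dataset or bucket.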
