Google BigQuery prerequisites¶
Introduction¶
To use the Google BigQuery connector, you must have a Google service account for your project with appropriate permissions set, and certain credentials obtained from the service account.
Create a service account and grant roles¶
Follow these steps to create a service account and grant roles to provide access to the Google Cloud project to be used with the Google BigQuery connector:
-
Select a project in the Google Cloud Console.
Note
Ensure the Google BigQuery API is enabled.
-
In the navigation menu, navigate to IAM & Admin > Service Accounts.
-
Click Create Service Account, located along the top of the page.
-
Enter the Service account details:
-
Service account name: Enter any string for the service account name.
-
Service account ID: This field is automatically populated to match the Service account name and can be edited, if desired.
-
Service account description: Enter a description for the service account.
-
-
Click Create and Continue.
-
Assign a role to allow access to the project (required for a successful connection in the Google BigQuery connector):
-
Role: Using the menu, select the appropriate BigQuery role or custom role for your use case, then click Continue.
Note
When using a custom role, you must have the
bigquery.datasets.get
andbigquery.tables.list
permission assigned to that role at a minimum. otherwise, the Google BigQuery connection won't be successful.When using predefined BigQuery roles, these are the role combinations that can be granted to the service account to allow access to each Google BigQuery activity:
Activity Cloud BigQuery Roles Data transfer BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerInvoke routine BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerQuery BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerInsert record BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerCreate structure BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerUpdate structure BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerUpdate record BigQuery Admin or
BigQuery Data Editor or
BigQuery Data ViewerDelete structure BigQuery Admin or
BigQuery Data Editor or
BigQuery Data Viewer
-
-
Optionally, grant access to the service account to specific users:
-
Click Done.
Obtain credentials¶
Follow these steps to obtain the credentials required for connection configuration:
-
On the Service accounts page, click the Actions menu for the service account created above, then click Manage keys.
-
Click Add Key > Create new key, select JSON as the Key type, and then click Create to download the JSON file to your computer:
-
Open the downloaded JSON file in a text editor and retain the values of the
project_id
,private_key
, andclient_email
to be used during connection configuration.