This document shows you how to grant the OWOX BI service account the Identity and Access Management (IAM) roles required for OWOX BI to access datasets in BigQuery.
About the OWOX BI service account and required permissions
When you create your first OWOX BI project, OWOX BI automatically generates a service account. OWOX BI uses the service account to interact with BigQuery on your behalf for all data collection and data processing scenarios where the OWOX BI user isn't directly involved.
You may grant an IAM role at the Google Cloud project level to avoid repeating the setup on multiple datasets, but this is not required. The OWOX BI service account requires the BigQuery Data Editor role only on the specific BigQuery datasets you use in OWOX BI.
Important: To get your OWOX BI service account email, please contact your OWOX manager.
Grant permissions on a dataset level
Note: You must have the BigQuery Admin or BigQuery Data Owner role on the respective dataset to proceed with the following instructions.
To grant access to a dataset, follow the steps below:
1. Navigate to the BigQuery Explorer page, expand your project and select a dataset.
2. In the details panel, click Share > Add Principal.
3. In the New principals field, enter the email of the OWOX BI service account. To get your OWOX BI service account email, please get in touch with your OWOX manager.
4. For Assign roles, select the 'BigQuery Data Editor' role and click Save.
For more information about how to manage access to datasets, see Controlling access to datasets.
Grant access on a Google Cloud project level
Note: You must have the Project IAM Admin, Security Admin, or Owner role in the respective Google Cloud project to proceed with the following instructions.
To grant the service account the required permissions at the project level, follow these steps:
1. In the Google Cloud console, go to the IAM page.
2. Click Grant Access.
3. In the New principals field, enter the OWOX BI service account email.
4. In the Select a role drop-down list, select the BigQuery Data Editor role.
5. Click Save.
If everything is done correctly, the service account will appear in the list of Principals on the IAM & Admin page.
For more information about how to control access to datasets, go to Manage access to projects.