Unify and manage your data

Create a custom IAM role at the project level

Learn how to create a custom role with IAM permissions at the project level.

Create a custom role with a set of specific IAM permissions to stream data from your tenant to your GCP project. These permissions allow Reltio to create tables and views, insert data into the tables, and create routines to get tenant data to your GBQ environment.
There are two ways to create the role:
  1. Using the following gcloud command:
    gcloud iam roles create reltio.gbq.connector.global --project=<project-id> --title="Reltio GBQ connector Project Level" --permissions=bigquery.jobs.create,bigquery.jobs.get,serviceusage.services.use
  2. Using the Google Cloud console.

To create an IAM role using the Google Cloud console:

  1. In the Google Cloud console, select Roles.
  2. In the Roles page, select your organization or project from the drop-down list at the top of the page.
  3. Select the More actions icon at the top of the page.
  4. Select CREATE ROLE.
  5. In the Create Role page, provide the following details for your role:
    1. Title: Enter the role name.
    2. Description: Enter the role description.
    3. ID: Enter the role ID.
    4. Role launch stage: Select the stage that indicates whether the role is ready for widespread use or not from the drop-down list.
    5. Select + ADD PERMISSIONS.
    6. In the Add permissions window, select the bigquery.jobs.create, bigquery.jobs.get, and serviceusage.services.use permissions to include in the role.
      You may search for the permissions in the Enter property name or value field
    7. Select the permissions.
    8. Select ADD.
  6. Select CREATE.

See the following table for a description of the permissions:

PermissionDescription
bigquery.jobs.createAllows the creation of BigQuery jobs, such as loading data into tables. This is used for table or view recreation and compaction operations.
bigquery.jobs.getEnables retrieval of information about BigQuery jobs. This is used for table or view recreation and compaction operations.
serviceusage.services.useGrants the ability to use services within a project, including consuming quota and billing. This permission is necessary for the service account to use the BigQuery API and other Google Cloud services.