What roles should be properly assigned to a group/service account if we would like to be able to update table descriptions in a centralized dataset and other labels for Data Catalog?
We currently have these roles, but they only allow users to update tables they have created, not the centralized tables:
roles/datacatalog.tagEditor
roles/datacatalog.entryViewer
roles/datacatalog.tagTemplateCreator
roles/datacatalog.tagTemplateUser
I understand that the role roles/bigquery.dataEditor would cover this, but we want users to be able to update existing table metadata only, not to delete or alter the tables.
To be able to update only the metadata, you need to create a custom role. To do this, follow the steps below:
Open your Google Cloud console
Select "IAM & Admin" -> Roles
Click "+ Create Role"
Edit "Title" to provide a descriptive role title. I used "Custom BigQuery metadata update"
Click "+ Add Permissions"
At the filter bar, put bigquery.tables.update and click "ADD"
- Permission bigquery.tables.update allows you to update the TABLE METADATA ONLY. See permission list for reference.
Click "Create"
Once done, the created custom role that contains only bigquery.tables.update should be searchable when assigning roles in IAM.
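The same procedure as a script, added here as an example rather than code from the original answer. It writes the custom role definition with the single permission bigquery.tables.update, refuses to create the role if any other permission has crept into the file, creates it with gcloud, binds it to a member, and reads the role back for verification. The role ID bqMetadataUpdater, the PROJECT_ID and MEMBER variables and the DRY_RUN switch are assumptions for this example; gcloud must be installed and authenticated for a real run. Note that bigquery.tables.update covers all table metadata (description, labels, schema, expiration), not descriptions and labels alone, so keep the grant scoped to the principals that need it.

```shell
#!/bin/sh
# Added example (not from the original post): create a metadata-only custom
# role and bind it. Assumed: gcloud installed and authenticated; PROJECT_ID and
# MEMBER set by the caller; ROLE_ID defaults to the invented name
# bqMetadataUpdater; DRY_RUN=1 prints the gcloud commands instead of running them.
set -e

role_id() { printf '%s' "${ROLE_ID:-bqMetadataUpdater}"; }

# Full resource name of a project-level custom role, as used in IAM bindings.
role_resource_name() { printf 'projects/%s/roles/%s' "$PROJECT_ID" "$(role_id)"; }

# Role definition: the single permission identified in the answer.
write_role_yaml() {
  out="$1"
  cat > "$out" <<'EOF'
title: Custom BigQuery metadata update
description: Update metadata of existing tables; no table data access, no delete
stage: GA
includedPermissions:
- bigquery.tables.update
EOF
  printf '%s' "$out"
}

# Guardrail: fail if includedPermissions contains anything beyond
# bigquery.tables.update (e.g. someone added bigquery.tables.delete).
check_role_yaml() {
  perms=$(sed -n 's/^- //p' "$1" || true)
  [ "$perms" = "bigquery.tables.update" ]
}

run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi; }

create_role() {
  check_role_yaml "$1"
  run gcloud iam roles create "$(role_id)" --project="$PROJECT_ID" --file="$1"
}

# Project-level grant, as the answer describes. MEMBER is e.g.
# serviceAccount:catalog-sa@PROJECT.iam.gserviceaccount.com or group:data-stewards@example.com
grant_role() {
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="$MEMBER" --role="$(role_resource_name)"
}

# Read the role back so the permission set can be checked after creation.
verify_role() {
  run gcloud iam roles describe "$(role_id)" --project="$PROJECT_ID" \
    --format='value(includedPermissions)'
}

# Only act when the caller has configured a project and a member.
if [ -n "${PROJECT_ID:-}" ] && [ -n "${MEMBER:-}" ]; then
  f=$(write_role_yaml "${TMPDIR:-/tmp}/bq-metadata-role.yaml")
  create_role "$f"
  grant_role
  verify_role
fi
```

Run with `DRY_RUN=1 PROJECT_ID=my-project MEMBER=group:data-stewards@example.com sh create_role.sh` first to see the exact commands, then without DRY_RUN to apply them. If the grant should apply to the centralized dataset only rather than to every table in the project, grant the same role resource name on that dataset (for example through the dataset's access list via `bq show --format=prettyjson` and `bq update --source`) instead of the project binding.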