Connector Permissions

This section describes the permissions required for different database and object storage connectors when creating sources and generated datasets in Aindo’s platform.

Google BigQuery

Permissions for Creating a Source

When creating a source from a Google BigQuery database, the following permissions are required:

• bigquery.jobs.create - Create and run jobs for reading data
• bigquery.tables.get - Retrieve table metadata and schema information
• bigquery.datasets.get - Access dataset metadata
• bigquery.tables.list - List tables within a dataset
• bigquery.tables.getData - Read table data
• bigquery.readsessions.create - Create read sessions for efficient data extraction
• bigquery.readsessions.getData - Read data through read sessions

These permissions are included in the following predefined roles when used together:

• BigQuery User (roles/bigquery.user)
• BigQuery Data Viewer (roles/bigquery.dataViewer)

Permissions for Creating a Generated Dataset

When creating a generated dataset with a Google BigQuery destination, you need all the permissions required for creating a source, plus additional write permissions:

All required permissions:

• bigquery.jobs.create
• bigquery.tables.get
• bigquery.datasets.get
• bigquery.tables.list
• bigquery.tables.getData
• bigquery.readsessions.create
• bigquery.readsessions.getData
• bigquery.tables.create - Create new tables for the generated data
• bigquery.tables.updateData - Write and update data in tables
• bigquery.tables.delete - Remove tables

These permissions are included in the following predefined roles when used together:

• BigQuery User (roles/bigquery.user)
• BigQuery Data Editor (roles/bigquery.dataEditor)

Granting Permissions

To grant these permissions in Google Cloud Platform, you can either:

1. Use predefined roles that include these permissions
2. Create a custom role with only the specific permissions listed above

If the credentials provided during source or generated dataset setup belong to a different project than the one containing the BigQuery dataset, the required permissions must be granted on the dataset’s project.

Google Cloud Storage

Permissions for Creating a Source

When creating a source from a Google Cloud Storage bucket, the following permissions are required:

• storage.objects.get - Read object data and metadata
• storage.objects.list - List objects within a bucket

These permissions are included in the following predefined roles:

• Storage Object Viewer (roles/storage.objectViewer)

Permissions for Creating a Generated Dataset

When creating a generated dataset with a Google Cloud Storage destination, you need all the permissions required for creating a source, plus additional write permissions:

All required permissions:

• storage.objects.get
• storage.objects.list
• storage.objects.create - Create new objects for the generated data
• storage.objects.update - Update existing objects
• storage.objects.delete - Remove objects

These permissions are included in the following predefined roles:

• Storage Object User (roles/storage.objectUser)

Granting Permissions

To grant these permissions in Google Cloud Platform, you can either:

1. Use predefined roles that include these permissions
2. Create a custom role with only the specific permissions listed above