Skip to Content

Google BigQuery Prerequisites

Introduction

To use the Google BigQuery connector, you must have a Google service account for your project with appropriate permissions set, and certain credentials obtained from the service account.

Create a Service Account and Grant Roles

Follow these steps to create a service account and grant roles to provide access to the Google Cloud project to be used with the Google BigQuery connector:

  1. Select a project in the Google Cloud Console.

    Note

    Ensure the Google BigQuery API is enabled.

  2. In the navigation menu, navigate to IAM & Admin > Service Accounts.

  3. Click Create Service Account, located along the top of the page.

  4. Enter the Service account details:

    Service account details

    • Service account name: Enter any string for the service account name.

    • Service account ID: This field is automatically populated to match the Service account name and can be edited, if desired.

    • Service account description: Enter a description for the service account.

  5. Click Create and Continue.

  6. Assign a role to allow access to the project (required for a successful connection in the Google BigQuery connector):

    Assign roles

    • Role: Using the menu, select the appropriate BigQuery role or custom role for your use case, then click Continue.

      Note

      When using a custom role, you must have the bigquery.datasets.get and bigquery.tables.list permission assigned to that role at a minimum. Otherwise, the Google BigQuery connection won't be successful.

      When using predefined BigQuery roles, these are the role combinations that can be granted to the service account to allow access to each Google BigQuery activity:

      Activity Cloud BigQuery Roles
      Data Transfer BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Invoke Routine BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Query BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Insert Record BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Create Structure BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Update Structure BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Update Record BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer
      Delete Structure BigQuery Admin or
      BigQuery Data Editor or
      BigQuery Data Viewer

  7. Optionally, grant access to the service account to specific users:

    Assign users

  8. Click Done.

Obtain Credentials

Follow these steps to obtain the credentials required for connection configuration:

  1. On the Service accounts page, click the Actions menu for the service account created above, then click Manage keys.

  2. Click Add Key > Create new key, select JSON as the Key type, and then click Create to download the JSON file to your computer:

    Create Key

  3. Open the downloaded JSON file in a text editor and retain the values of the project_id,private_key, and client_email to be used during connection configuration.