hunfabric/blueprints/data-solutions/data-platform-minimal/IAM.md
lcaggio 099ad03910 Improve Minimal Data Platform Blueprint (#1473)
* Add SA to access to Curated resources

* Add BQ dataset in the landing project

* Provide example to move data from landing to curated using BQ engine

* Improve diagram
2023-06-28 09:05:48 +02:00


IAM bindings reference

Legend: + additive, conditional.

Project cmn

| members | roles |
|---|---|
| gcp-data-analysts (group) | roles/datacatalog.viewer |
| gcp-data-engineers (group) | roles/dlp.estimatesAdmin<br>roles/dlp.reader<br>roles/dlp.user |
| gcp-data-security (group) | roles/datacatalog.admin<br>roles/dlp.admin |
| prc-0 (serviceAccount) | roles/datacatalog.categoryFineGrainedReader<br>roles/datacatalog.viewer<br>roles/dlp.user |

Project cur

| members | roles |
|---|---|
| gcp-data-analysts (group) | roles/bigquery.dataViewer<br>roles/bigquery.jobUser<br>roles/datacatalog.tagTemplateViewer<br>roles/datacatalog.viewer<br>roles/storage.objectViewer |
| gcp-data-engineers (group) | roles/bigquery.dataViewer<br>roles/bigquery.jobUser<br>roles/datacatalog.tagTemplateViewer<br>roles/datacatalog.viewer<br>roles/storage.objectViewer |
| SERVICE_IDENTITY_service-networking (serviceAccount) | roles/servicenetworking.serviceAgent + |
| cur-sa-0 (serviceAccount) | roles/bigquery.dataViewer<br>roles/bigquery.jobUser<br>roles/datacatalog.tagTemplateViewer<br>roles/datacatalog.viewer<br>roles/storage.objectViewer |
| prc-0 (serviceAccount) | roles/bigquery.dataOwner<br>roles/bigquery.jobUser<br>roles/storage.objectAdmin |

Project lnd

| members | roles |
|---|---|
| lnd-sa-0 (serviceAccount) | roles/storage.objectCreator |
| prc-0 (serviceAccount) | roles/storage.objectAdmin |
| prc-cmp-0 (serviceAccount) | roles/storage.objectViewer |

Project prc

| members | roles |
|---|---|
| gcp-data-engineers (group) | roles/composer.admin<br>roles/composer.environmentAndStorageObjectAdmin<br>roles/iam.serviceAccountUser<br>roles/iap.httpsResourceAccessor<br>roles/serviceusage.serviceUsageConsumer<br>roles/storage.admin |
| SERVICE_IDENTITY_cloudcomposer-accounts (serviceAccount) | roles/composer.ServiceAgentV2Ext<br>roles/storage.admin |
| SERVICE_IDENTITY_service-networking (serviceAccount) | roles/servicenetworking.serviceAgent + |
| prc-0 (serviceAccount) | roles/bigquery.jobUser<br>roles/dataflow.worker<br>roles/dataproc.worker |
| prc-cmp-0 (serviceAccount) | roles/bigquery.jobUser<br>roles/composer.worker<br>roles/dataflow.admin<br>roles/dataproc.editor<br>roles/iam.serviceAccountUser<br>roles/storage.admin |