The Commvault software uses the following permissions to perform protection operations for your BigQuery instances.
Google Cloud Storage Permissions
|
Permission |
Usage |
|---|---|
|
storage.buckets.create |
Allows creating new storage buckets in Google Cloud Storage. |
|
storage.buckets.get |
Grants read access to the metadata of a storage bucket (such as its name, location, and other properties). |
|
storage.buckets.getIamPolicy |
Allows reading the IAM policy for a bucket, which defines access control to the bucket. |
|
storage.buckets.getObjectInsights |
Grants access to object insights for a bucket (for example, usage statistics or object analysis data). |
|
storage.buckets.list |
Allows listing all buckets in a project. |
|
storage.buckets.listEffectiveTags |
Allows listing effective tags applied to a bucket. |
|
storage.buckets.listTagBindings |
Allows listing tags that are bound to the bucket. |
|
storage.buckets.setIamPolicy |
Grants permission to modify the IAM policy of a bucket, defining access control. |
|
storage.buckets.update |
Allows modifying the configuration of a storage bucket (for example, changing its location or settings). |
|
storage.multipartUploads.abort |
Allows aborting an ongoing multipart upload. |
|
storage.multipartUploads.create |
Grants permission to initiate a multipart upload for an object. |
|
storage.objects.create |
Allows uploading or creating new objects in a storage bucket. |
|
storage.objects.delete |
Allows deleting objects from a storage bucket. |
|
storage.objects.get |
Grants permission to read an object’s data from a storage bucket. |
|
storage.objects.getIamPolicy |
Allows reading the IAM policy for an object. |
|
storage.objects.list |
Allows listing objects within a bucket. |
|
storage.objects.setIamPolicy |
Allows setting the IAM policy for an object to control access. |
|
storage.objects.update |
Allows modifying an object’s metadata or data in a bucket. |
BigQuery Permissions
|
Permission |
Usage |
|---|---|
|
bigquery.datasets.create |
Allows creating new datasets in BigQuery. |
|
bigquery.datasets.get |
Grants permission to view metadata for a dataset in BigQuery. |
|
bigquery.datasets.getIamPolicy |
Allows reading the IAM policy for a BigQuery dataset. |
|
bigquery.datasets.setIamPolicy |
Allows modifying the IAM policy of a dataset to control access. |
|
bigquery.tables.create |
Allows creating new tables in a BigQuery dataset. |
|
bigquery.tables.get |
Grants permission to read metadata for a table in BigQuery. |
|
bigquery.tables.getData |
Allows reading the data stored in a BigQuery table. |
|
bigquery.tables.list |
Allows listing the tables within a dataset. |
|
bigquery.tables.delete |
Grants permission to delete a table in BigQuery. |
|
bigquery.tables.export |
Allows exporting the data from a BigQuery table. |
|
bigquery.tables.update |
Grants permission to modify a table's schema in BigQuery. |
|
bigquery.tables.updateData |
Allows modifying data in a BigQuery table (for example, updating rows). |
|
bigquery.tables.getIamPolicy |
Allows reading the IAM policy for a BigQuery table. |
|
bigquery.tables.setIamPolicy |
Allows modifying the IAM policy for a BigQuery table. |
|
bigquery.tables.deleteIndex |
Allows deleting an index on a BigQuery table. |
|
bigquery.tables.createIndex |
Allows creating an index on a BigQuery table to improve query performance. |
|
bigquery.routines.create |
Allows creating stored procedures or user-defined functions (UDFs) in BigQuery. |
|
bigquery.routines.get |
Allows reading metadata for a stored procedure or function in BigQuery. |
|
bigquery.routines.delete |
Grants permission to delete a stored procedure or function in BigQuery. |
|
bigquery.routines.list |
Allows listing routines (stored procedures or UDFs) in a BigQuery dataset. |
|
bigquery.connections.create |
Allows creating new connections to external data sources for use with BigQuery. |
|
bigquery.connections.delete |
Allows deleting an existing BigQuery connection. |
|
bigquery.connections.get |
Allows viewing metadata for a BigQuery connection. |
|
bigquery.connections.getIamPolicy |
Allows reading the IAM policy for a BigQuery connection. |
|
bigquery.connections.setIamPolicy |
Grants permission to modify the IAM policy of a BigQuery connection. |
|
bigquery.connections.list |
Allows listing all the BigQuery connections. |
|
bigquery.connections.use |
Grants permission to use a BigQuery connection for querying external data sources. |
|
bigquery.connections.delegate |
Allows delegating the use of a BigQuery connection to other users. |
|
bigquery.jobs.create |
Allows creating jobs (for example, queries, data loads) in BigQuery. |
|
bigquery.jobs.get |
Grants permission to view details and status of a job in BigQuery. |
|
bigquery.jobs.list |
Allows listing jobs within a project. |
|
bigquery.jobs.listAll |
Allows listing all jobs in all projects within an organization. |
Compute Engine and Resource Manager Permissions
|
Permission |
Usage |
|---|---|
|
compute.regions.list |
Allows listing all available regions in Google Cloud for Compute Engine. |
|
resourcemanager.projects.list |
Grants permission to list all projects within a Google Cloud organization. |
|
resourcemanager.projects.get |
Allows viewing details of a project in Google Cloud. |