Auth and Permissions
Authentication
This adapter will use Application Default Credentials to authenticate with BigQuery and run queries, including both the queries necessary to populate the data catalog and the queries you type into Harlequin. You can use the gcloud CLI to pass user credentials to ADC by running:
$ gcloud auth application-default loginTo install the gcloud CLI, see here.
Authorization
The user will need the permission to query both INFORMATION_SCHEMA.TABLES and INFORMATION_SCHEMA.COLUMNS to load the data catalog.
To query these views, you need the following Identity and Access Management (IAM) permissions:
bigquery.tables.getbigquery.tables.listbigquery.routines.getbigquery.routines.list
Each of the following predefined IAM roles includes the necessary permissions:
roles/bigquery.adminroles/bigquery.dataViewerroles/bigquery.metadataViewer
For more information about BigQuery permissions, see Access control with IAM.