package roles

v0.16.4

Published: May 6, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Constants

const (
	ServiceGcp      = Service("GCP")
	ServiceBigQuery = Service("BQ")
)

Variables

var RolesBigQueryAdmin = GcpRole{
	Name:                   "roles/bigquery.admin",
	Description:            "Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project.",
	GlobalPermissions:      map[Service][]string{ServiceBigQuery: {ds.Admin}},
	UsageGlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read, ds.Write, ds.Admin}},
}

RolesBigQueryAdmin https://cloud.google.com/bigquery/docs/access-control#bigquery.admin Provides permissions to manage all resources within the project. Can manage all data within the project, and can cancel jobs from other users running within the project. Lowest-level resources where you can grant this role: Datasets, Row access policies, Tables, Views

var RolesBigQueryCatalogFineGrainedAccess = GcpRole{
	Name:        "roles/datacatalog.categoryFineGrainedReader",
	Description: "Read access to sub-resources tagged by a policy tag, for example, BigQuery columns.",
}

RolesBigQueryCatalogFineGrainedAccess https://cloud.google.com/bigquery/docs/column-level-security-intro#roles The Data Catalog Fine-Grained Reader role is required for users who need access to data in secured columns.

Applies at the policy tag level. This role grants the ability to access the content of columns restricted by a policy tag.

var RolesBigQueryCatalogPolicyTagAdmin = GcpRole{
	Name:        "roles/datacatalog.categoryAdmin",
	Description: "The Data Catalog Policy Tag Admin role is required for users who need to create and manage taxonomies and policy tags.",
}

RolesBigQueryCatalogPolicyTagAdmin https://cloud.google.com/bigquery/docs/column-level-security-intro#roles The Data Catalog Policy Tag Admin role is required for users who need to create and manage taxonomies and policy tags.

Applies at the project level. This role grants the ability to do the following:

Create, read, update, and delete taxonomies and policy tags.

Get and set IAM policies on policy tags.

var RolesBigQueryConnectionAdmin = GcpRole{
	Name: "roles/bigquery.connectionAdmin",
}

RolesBigQueryConnectionAdmin https://cloud.google.com/bigquery/docs/access-control#bigquery.connectionAdmin

var RolesBigQueryConnectionUser = GcpRole{
	Name: "roles/bigquery.connectionUser",
}

RolesBigQueryConnectionUser https://cloud.google.com/bigquery/docs/access-control#bigquery.connectionUser

var RolesBigQueryDataOwner = GcpRole{
	Name:                   "roles/bigquery.dataOwner",
	Description:            "When applied to a table or view, this role provides permissions to (1) read and update data and metadata for the table or view, (2) share the table or view and, (3) delete the table or view. When applied to a dataset, this role provides permissions to (1) read, update, and delete the dataset and (2) create, update, get, and delete the dataset's tables. When applied at the project or organization level, this role can also create new datasets.",
	UsageGlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read, ds.Write, ds.Admin}},
}

RolesBigQueryDataOwner https://cloud.google.com/bigquery/docs/access-control#bigquery.dataOwner When applied to a table or view, this role provides permissions to:

  • Read and update data and metadata for the table or view.
  • Share the table or view.
  • Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

  • Read, update, and delete the dataset.
  • Create, update, get, and delete the dataset's tables.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role: Tables, Views

var RolesBigQueryDataViewer = GcpRole{
	Name:                   "roles/bigquery.dataViewer",
	Description:            "When applied to a table or view, this role provides permissions to read data and metadata from the table or view. When applied to a dataset, this role provides permissions to (1) read the dataset's metadata and list tables in the dataset and (2) read data and metadata from the dataset's tables.",
	GlobalPermissions:      map[Service][]string{ServiceBigQuery: {ds.Read}},
	UsageGlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read}},
}

RolesBigQueryDataViewer https://cloud.google.com/bigquery/docs/access-control#bigquery.dataViewer When applied to a table or view, this role provides permissions to:

  • Read data and metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

  • Read the dataset's metadata and list tables in the dataset.
  • Read data and metadata from the dataset's tables.

When applied at the project or organization level, this role can also enumerate all datasets in the project. Additional roles, however, are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role: Tables, Views

var RolesBigQueryEditor = GcpRole{
	Name:                   "roles/bigquery.dataEditor",
	Description:            "When applied to a table or view, this role provides permissions to (1) read and update data and metadata for the table or view and (2) delete the table or view. When applied to a dataset, this role provides permissions to (1) read the dataset's metadata and list tables in the dataset and (2) create, update, get, and delete the dataset's tables. When applied at the project or organization level, this role can also create new datasets.",
	GlobalPermissions:      map[Service][]string{ServiceBigQuery: {ds.Write}},
	UsageGlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read, ds.Write, ds.Admin}},
}

RolesBigQueryEditor https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor When applied to a table or view, this role provides permissions to:

  • Read and update data and metadata for the table or view.
  • Delete the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

  • Read the dataset's metadata and list tables in the dataset.
  • Create, update, get, and delete the dataset's tables.

When applied at the project or organization level, this role can also create new datasets.

Lowest-level resources where you can grant this role: Tables, Views

var RolesBigQueryFilteredDataViewer = GcpRole{
	Name:                   "roles/bigquery.filteredDataViewer",
	Description:            "Access to view filtered table data defined by a row access policy",
	UsageGlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read}},
}

RolesBigQueryFilteredDataViewer https://cloud.google.com/bigquery/docs/access-control#bigquery.filteredDataViewer Access to view filtered table data defined by a row access policy

var RolesBigQueryJobUser = GcpRole{
	Name:        "roles/bigquery.jobUser",
	Description: "Provides permissions to run jobs, including queries, within the project",
}

RolesBigQueryJobUser https://cloud.google.com/bigquery/docs/access-control#bigquery.jobUser Provides permissions to run jobs, including queries, within the project. Lowest-level resources where you can grant this role: Project

var RolesBigQueryMaskedReader = GcpRole{
	Name:              "roles/bigquerydatapolicy.maskedReader",
	Description:       "Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns",
	GlobalPermissions: map[Service][]string{ServiceBigQuery: {ds.Read, ds.Write, ds.Admin}},
}

RolesBigQueryMaskedReader https://cloud.google.com/bigquery/docs/access-control#bigquerydatapolicy.maskedReader Masked read access to sub-resources tagged by the policy tag associated with a data policy, for example, BigQuery columns

var RolesBigQueryMetadataViewer = GcpRole{
	Name:        "roles/bigquery.metadataViewer",
	Description: "Access to view table and dataset metadata",
}

RolesBigQueryMetadataViewer https://cloud.google.com/bigquery/docs/access-control#bigquery.metadataViewer When applied to a table or view, this role provides permissions to:

  • Read metadata from the table or view.

This role cannot be applied to individual models or routines.

When applied to a dataset, this role provides permissions to:

  • List tables and views in the dataset.
  • Read metadata from the dataset's tables and views.

When applied at the project or organization level, this role provides permissions to:

  • List all datasets and read metadata for all datasets in the project.
  • List all tables and views and read metadata for all tables and views in the project.

Additional roles are necessary to allow the running of jobs.

Lowest-level resources where you can grant this role: Tables, Views

var RolesBigQueryReadSessionUser = GcpRole{
	Name:        "roles/bigquery.readSessionUser",
	Description: "Provides the ability to create and use read sessions.",
}

RolesBigQueryReadSessionUser https://cloud.google.com/bigquery/docs/access-control#bigquery.readSessionUser Provides the ability to create and use read sessions.

Lowest-level resources where you can grant this role: Projects

var RolesBigQueryResourceAdmin = GcpRole{
	Name:        "roles/bigquery.resourceAdmin",
	Description: "Administer all BigQuery resources.",
}

RolesBigQueryResourceAdmin https://cloud.google.com/bigquery/docs/access-control#bigquery.resourceAdmin Administer all BigQuery resources.

var RolesBigQueryResourceEditor = GcpRole{
	Name:        "roles/bigquery.resourceEditor",
	Description: "Manage all BigQuery resources, but cannot make purchasing decisions.",
}

RolesBigQueryResourceEditor https://cloud.google.com/bigquery/docs/access-control#bigquery.resourceEditor

var RolesBigQueryResourceViewer = GcpRole{
	Name:        "roles/bigquery.resourceViewer",
	Description: "View all BigQuery resources but cannot make changes or purchasing decisions.",
}

RolesBigQueryResourceViewer https://cloud.google.com/bigquery/docs/access-control#bigquery.resourceViewer View all BigQuery resources but cannot make changes or purchasing decisions.

var RolesBigQueryUser = GcpRole{
	Name:        "roles/bigquery.user",
	Description: "When applied to a project, access to run queries, create datasets, read dataset metadata, and list tables. When applied to a dataset, access to read dataset metadata and list tables within the dataset.",
}

RolesBigQueryUser https://cloud.google.com/bigquery/docs/access-control#bigquery.user When applied to a dataset, this role provides the ability to read the dataset's metadata and list tables in the dataset.

When applied to a project, this role also provides the ability to run jobs, including queries, within the project. A principal with this role can enumerate their own jobs, cancel their own jobs, and enumerate datasets within a project. Additionally, this role allows the creation of new datasets within the project; the creator is granted the BigQuery Data Owner role (roles/bigquery.dataOwner) on those new datasets.

Lowest-level resources where you can grant this role: Datasets

var RolesEditor = GcpRole{
	Name:                   "roles/editor",
	Description:            "View, create, update, and delete most Google Cloud resources. See the list of included permissions.",
	GlobalPermissions:      map[Service][]string{ServiceGcp: {ds.Write}},
	UsageGlobalPermissions: map[Service][]string{ServiceGcp: {ds.Read, ds.Write}},
}

RolesEditor All viewer permissions, plus permissions for actions that modify state, such as changing existing resources.

The permissions in the Editor role let you create and delete resources for most Google Cloud services. However, the Editor role doesn't contain permissions to perform all actions for all services. No data access is provided by this role.

var RolesOwner = GcpRole{
	Name:                   "roles/owner",
	Description:            "Full access to most Google Cloud resources. See the list of included permissions.",
	GlobalPermissions:      map[Service][]string{ServiceGcp: {ds.Admin}},
	UsageGlobalPermissions: map[Service][]string{ServiceGcp: {ds.Read, ds.Write, ds.Admin}, ServiceBigQuery: {ds.Admin}},
}

RolesOwner All Editor permissions, plus permissions for actions like the following:

  • Completing sensitive tasks, like canceling BigQuery jobs
  • Managing roles and permissions for a project and all resources within the project
  • Setting up billing for a project

No data access is provided by this role.

var RolesViewer = GcpRole{
	Name:                   "roles/viewer",
	Description:            "View most Google Cloud resources. See the list of included permissions.",
	GlobalPermissions:      map[Service][]string{ServiceGcp: {ds.Read}},
	UsageGlobalPermissions: map[Service][]string{ServiceGcp: {ds.Read}},
}

RolesViewer Permissions for read-only actions that don't affect state, such as viewing (but not modifying) existing resources. No data access is provided by this role.

var TitleCaser = cases.Title(language.English)

Functions

func RoleToDisplayName added in v0.16.0

func RoleToDisplayName(roleName string) string

RoleToDisplayName generates a more human-readable role name.

Types

type GcpRole

type GcpRole struct {
	Name        string
	DisplayName string
	Description string

	GlobalPermissions      map[Service][]string // global permissions per service
	UsageGlobalPermissions map[Service][]string // usage permissions per service
}

func (*GcpRole) ToDataObjectTypePermission

func (r *GcpRole) ToDataObjectTypePermission(service Service) *ds.DataObjectTypePermission

type Service

type Service string
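The GcpRole model above (an IAM role name plus GlobalPermissions and UsageGlobalPermissions per Service) is the input a least-privilege review of role bindings consumes. The program below is an added example, not code from the roles package or its author: it re-declares Service and GcpRole so it compiles offline, uses assumed string stand-ins for the ds.Read, ds.Write and ds.Admin constants (their real values are not shown on this page; only their relative strength matters here), builds a catalogue from a subset of the roles listed above with their documented GlobalPermissions, and the helpers EffectiveGlobal and ReviewBindings are hypothetical. Given a principal's bound role names and the access level each workload actually needs per service, it reports every service where the bindings grant more than required, names the roles contributing the excess, and surfaces role names the catalogue cannot model instead of ignoring them.

```go
// Added example, not the roles package's own code: a least-privilege review of
// GCP IAM role bindings driven by the GcpRole data model documented above.
package main

import "fmt"

// Service and GcpRole are copied from the declarations above so the file
// compiles offline; fields this example does not use are omitted.
type Service string
const (
	ServiceGcp      = Service("GCP")
	ServiceBigQuery = Service("BQ")
)

type GcpRole struct {
	Name              string
	GlobalPermissions map[Service][]string // global permissions per service
}

// Assumed stand-ins for ds.Read, ds.Write and ds.Admin (values not on the page);
// rank orders them, with "" (nothing granted / nothing required) lowest.
const (
	Read  = "read"
	Write = "write"
	Admin = "admin"
)

var rank = map[string]int{Read: 1, Write: 2, Admin: 3}
// catalogue is a subset of the roles above, with GlobalPermissions as listed there.
var catalogue = map[string]GcpRole{
	"roles/bigquery.admin":      {Name: "roles/bigquery.admin", GlobalPermissions: map[Service][]string{ServiceBigQuery: {Admin}}},
	"roles/bigquery.dataViewer": {Name: "roles/bigquery.dataViewer", GlobalPermissions: map[Service][]string{ServiceBigQuery: {Read}}},
	"roles/bigquery.jobUser":    {Name: "roles/bigquery.jobUser"}, // no global data permissions
	"roles/viewer":              {Name: "roles/viewer", GlobalPermissions: map[Service][]string{ServiceGcp: {Read}}},
	"roles/owner":               {Name: "roles/owner", GlobalPermissions: map[Service][]string{ServiceGcp: {Admin}}},
}

// strongest returns the highest-ranked level in perms ("" when perms is empty).
func strongest(perms []string) string {
	best := ""
	for _, p := range perms {
		if rank[p] > rank[best] {
			best = p
		}
	}
	return best
}

// EffectiveGlobal collapses a principal's bound roles into the strongest global
// level per service. Names missing from the catalogue are returned separately,
// since a reviewer must not silently treat an unmodelled role as harmless.
func EffectiveGlobal(bound []string) (map[Service]string, []string) {
	effective := map[Service]string{}
	var unknown []string
	for _, name := range bound {
		role, ok := catalogue[name]
		if !ok {
			unknown = append(unknown, name)
			continue
		}
		for svc, perms := range role.GlobalPermissions {
			if s := strongest(perms); rank[s] > rank[effective[svc]] {
				effective[svc] = s
			}
		}
	}
	return effective, unknown
}

// Finding records one over-grant on a service (Required == "" means the
// workload declared no need on that service at all).
type Finding struct {
	Service           Service
	Required, Granted string
	Roles             []string // bound roles whose own grant on Service exceeds Required
}

// ReviewBindings compares the effective grant per service with the declared
// requirement and returns one Finding per over-granted service.
func ReviewBindings(bound []string, required map[Service]string) []Finding {
	effective, _ := EffectiveGlobal(bound)
	var findings []Finding
	for svc, granted := range effective {
		need := required[svc]
		if rank[granted] <= rank[need] {
			continue
		}
		f := Finding{Service: svc, Required: need, Granted: granted}
		for _, name := range bound {
			if rank[strongest(catalogue[name].GlobalPermissions[svc])] > rank[need] {
				f.Roles = append(f.Roles, name)
			}
		}
		findings = append(findings, f)
	}
	return findings
}

func main() {
	// Constructed principal: a reporting job that needs only to read BigQuery
	// data and view project resources, but was bound to bigquery.admin.
	bound := []string{"roles/bigquery.admin", "roles/viewer", "roles/bigquery.jobUser"}
	fmt.Printf("%+v\n", ReviewBindings(bound, map[Service]string{ServiceBigQuery: Read, ServiceGcp: Read}))
}
```

The second return value of EffectiveGlobal is the part worth keeping in a real review: custom roles and newer predefined roles that the catalogue does not model would otherwise read as granting nothing, which is the wrong default for an access review. Note that the check covers GlobalPermissions only; a role such as roles/bigquery.jobUser that carries no global data permission still matters for least privilege through what it lets a principal run.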
