Required Permissions for GCP SQL and BigQuery Resource Tagging Governance

SQL Resources: To enable tagging for SQL resources in Google Cloud Platform (GCP), such as Cloud SQL instances, the following permissions and configurations are required:

  1. Cloud SQL Admin API:
    • Permission: The IAM service account used for tagging operations must have the necessary permissions to enable the Cloud SQL Admin API.
    • Configuration: Enable the Cloud SQL Admin API in the Google Cloud Console under APIs & Services > Dashboard > Enable APIs and Services.
  2. IAM Permissions:
    • Roles: The IAM service account should be assigned roles that grant the necessary permissions for managing Cloud SQL resources, such as roles/cloudsql.admin.

BigQuery Dataset: To enable tagging for BigQuery datasets in GCP, the following permissions and configurations are required:

  1. BigQuery Data Owner Role:
    • Permission: The IAM service account used for tagging operations must be assigned the roles/bigquery.dataOwner role at the organization level or on the specific dataset.
    • Configuration:
      • To assign the role at the organization level, go to the Google Cloud Console IAM & Admin > IAM > Add, and add the service account with the roles/bigquery.dataOwner role.
      • To assign the role on a specific dataset, go to BigQuery > Datasets, select the dataset, click Share Dataset, and add the service account with the roles/bigquery.dataOwner role.

By ensuring that the IAM service accounts have the appropriate permissions and roles, tagging for SQL resources and BigQuery datasets can be effectively governed and managed in GCP.
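
One way to check that the tagging service account actually holds the two roles named above, and to see what else it holds, is to audit exported policy JSON. This is an added example, not CoreStack or Google code. It assumes input shaped like the output of `gcloud projects get-iam-policy --format=json` and `bq show --format=prettyjson`; the service account name and sample data are constructed.

```python
# Added example: audits exported IAM data for the roles this article requires.
REQUIRED = {"roles/cloudsql.admin", "roles/bigquery.dataOwner"}
# Dataset access lists are returned with legacy role names; map them to IAM roles.
LEGACY = {"OWNER": "roles/bigquery.dataOwner",
          "WRITER": "roles/bigquery.dataEditor",
          "READER": "roles/bigquery.dataViewer"}

def policy_roles(policy, sa_email):
    """Map role -> True if every binding of it to the account is conditional."""
    member = f"serviceAccount:{sa_email}"
    found = {}
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            role = binding["role"]
            found[role] = found.get(role, True) and "condition" in binding
    return found

def dataset_roles(dataset, sa_email):
    """Roles granted to the account directly in a dataset's access list."""
    return {LEGACY.get(e["role"], e["role"])
            for e in dataset.get("access", [])
            if e.get("userByEmail") == sa_email and "role" in e}

def audit(policy, dataset, sa_email):
    in_policy = policy_roles(policy, sa_email)
    in_dataset = dataset_roles(dataset, sa_email)
    held = set(in_policy) | in_dataset
    owner = "roles/bigquery.dataOwner"
    return {
        "missing": sorted(REQUIRED - held),            # tagging will fail
        "conditional": sorted(r for r, c in in_policy.items() if c),
        "beyond_article": sorted(held - REQUIRED),     # review for least privilege
        "dataowner_via": ("policy" if owner in in_policy
                          else "dataset" if owner in in_dataset else None),
    }

SA = "tagging-sa@example-project.iam.gserviceaccount.com"  # constructed name
SAMPLE_POLICY = {"bindings": [  # constructed sample
    {"role": "roles/cloudsql.admin", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor",
     "members": ["user:a@example.com", f"serviceAccount:{SA}"]},
]}
SAMPLE_DATASET = {"access": [  # constructed sample
    {"role": "OWNER", "userByEmail": SA},
    {"role": "READER", "specialGroup": "projectReaders"},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, SAMPLE_DATASET, SA))
```

A `dataowner_via` value of `dataset` means the grant is scoped to that one dataset rather than to everything under the policy's resource, which is the narrower of the two options the article describes.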
