Data Catalog roles and permissions

This page lists the IAM roles and permissions for Data Catalog. Tosearch through all roles and permissions, see therole andpermission index.

Data Catalog roles

Role Permissions

Role	Permissions
Data Catalog Admin (`roles/datacatalog.admin`) Full access to all DataCatalog resources	`bigquery.connections.get` `bigquery.connections.updateTag` `bigquery.datasets.get` `bigquery.datasets.updateTag` `bigquery.models.getMetadata` `bigquery.models.updateTag` `bigquery.routines.get` `bigquery.routines.updateTag` `bigquery.tables.get` `bigquery.tables.updateTag` `datacatalog.catalogs.searchAll` `datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.` `datacatalog.entryGroups.create` `datacatalog.entryGroups.delete` `datacatalog.entryGroups.get` `datacatalog.entryGroups.getIamPolicy` `datacatalog.entryGroups.list` `datacatalog.entryGroups.setIamPolicy` `datacatalog.entryGroups.update` `datacatalog.entryGroups.updateTag` `datacatalog.migrationConfig.` `datacatalog.migrationConfig.get` `datacatalog.migrationConfig.set` `datacatalog.operations.list` `datacatalog.relationships.` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `datacatalog.tagTemplates.` `datacatalog.tagTemplates.create` `datacatalog.tagTemplates.delete` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getIamPolicy` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.setIamPolicy` `datacatalog.tagTemplates.update` `datacatalog.tagTemplates.use` `datacatalog.taxonomies.` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.getIamPolicy` `datacatalog.taxonomies.list` `datacatalog.taxonomies.setIamPolicy` `datacatalog.taxonomies.update` `dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.getData` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataProfileAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useDescriptionsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useQueriesAspect` `dataplex.entryGroups.useRefreshCadenceAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useStorageAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.` `dataplex.entryTypes.create` `dataplex.entryTypes.delete` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.entryTypes.setIamPolicy` `dataplex.entryTypes.update` `dataplex.entryTypes.use` `dataplex.glossaries.` `dataplex.glossaries.create` `dataplex.glossaries.delete` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.import` `dataplex.glossaries.list` `dataplex.glossaries.setIamPolicy` `dataplex.glossaries.update` `dataplex.glossaryCategories.` `dataplex.glossaryCategories.create` `dataplex.glossaryCategories.delete` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryCategories.update` `dataplex.glossaryTerms.` `dataplex.glossaryTerms.create` `dataplex.glossaryTerms.delete` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.glossaryTerms.update` `dataplex.glossaryTerms.use` `dataplex.operations.get` `dataplex.projects.search` `pubsub.topics.get` `pubsub.topics.updateTag` `resourcemanager.projects.get` `resourcemanager.projects.list`
Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Manage taxonomies	`datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.taxonomies.*` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.getIamPolicy` `datacatalog.taxonomies.list` `datacatalog.taxonomies.setIamPolicy` `datacatalog.taxonomies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Fine-Grained Reader (`roles/datacatalog.categoryFineGrainedReader`) Read access to sub-resources tagged by a policy tag, for example, BigQuery columns	`datacatalog.categories.fineGrainedGet`
DataCatalog Data Steward^Beta (`roles/datacatalog.dataSteward`) Can update overview and data steward fields	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entries.updateContacts` `datacatalog.entries.updateOverview` `datacatalog.entryGroups.get` `datacatalog.migrationConfig.get` `datacatalog.relationships.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useOverviewAspect` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) Can create new entryGroups	`datacatalog.entryGroups.create` `datacatalog.entryGroups.get` `datacatalog.entryGroups.list` `dataplex.entryGroups.create` `dataplex.entryGroups.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Full access to entryGroups	`datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.` `datacatalog.entryGroups.create` `datacatalog.entryGroups.delete` `datacatalog.entryGroups.get` `datacatalog.entryGroups.getIamPolicy` `datacatalog.entryGroups.list` `datacatalog.entryGroups.setIamPolicy` `datacatalog.entryGroups.update` `datacatalog.entryGroups.updateTag` `datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.getData` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.` `dataplex.entryGroups.create` `dataplex.entryGroups.delete` `dataplex.entryGroups.export` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.import` `dataplex.entryGroups.list` `dataplex.entryGroups.setIamPolicy` `dataplex.entryGroups.update` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataProfileAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useDescriptionsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useQueriesAspect` `dataplex.entryGroups.useRefreshCadenceAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useStorageAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.*` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) Full access to entries	`datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.get` `datacatalog.migrationConfig.get` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.entries.` `dataplex.entries.create` `dataplex.entries.delete` `dataplex.entries.get` `dataplex.entries.getData` `dataplex.entries.link` `dataplex.entries.list` `dataplex.entries.update` `dataplex.entryGroups.get` `dataplex.entryGroups.useContactsAspect` `dataplex.entryGroups.useDataProfileAspect` `dataplex.entryGroups.useDataQualityScorecardAspect` `dataplex.entryGroups.useDefinitionEntryLink` `dataplex.entryGroups.useDescriptionsAspect` `dataplex.entryGroups.useGenericAspect` `dataplex.entryGroups.useGenericEntry` `dataplex.entryGroups.useOverviewAspect` `dataplex.entryGroups.useQueriesAspect` `dataplex.entryGroups.useRefreshCadenceAspect` `dataplex.entryGroups.useRelatedEntryLink` `dataplex.entryGroups.useSchemaAspect` `dataplex.entryGroups.useStorageAspect` `dataplex.entryGroups.useSynonymEntryLink` `dataplex.entryLinks.*` `dataplex.entryLinks.create` `dataplex.entryLinks.delete` `dataplex.entryLinks.get` `dataplex.entryLinks.reference` `dataplex.entryTypes.get` `dataplex.entryTypes.list` `dataplex.entryTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) Read access to entries	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entryGroups.get` `datacatalog.migrationConfig.get` `datacatalog.relationships.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Glossary Owner^Beta (`roles/datacatalog.glossaryOwner`) Full access to glossaries	`datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.relationships.` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `dataplex.projects.search`
DataCatalog Glossary User^Beta (`roles/datacatalog.glossaryUser`) Can view glossaries and associate terms to entries	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.relationships.*` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `dataplex.projects.search`
DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`) Full access to Migration Config	`datacatalog.migrationConfig.*` `datacatalog.migrationConfig.get` `datacatalog.migrationConfig.set` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Search Admin (`roles/datacatalog.searchAdmin`) Can search all metadata for a project/org in DataCatalog	`datacatalog.catalogs.searchAll` `dataplex.projects.search` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) Access to modify metadata tags for entries, as well as BigQuery andPub/Sub data assets	`bigquery.connections.updateTag` `bigquery.datasets.updateTag` `bigquery.models.updateTag` `bigquery.routines.updateTag` `bigquery.tables.updateTag` `datacatalog.entries.updateTag` `datacatalog.entryGroups.updateTag` `dataplex.entries.update` `pubsub.topics.updateTag`
Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Access to create new tag templates	`datacatalog.tagTemplates.create` `datacatalog.tagTemplates.get` `dataplex.aspectTypes.create` `dataplex.aspectTypes.get` `dataplex.projects.search`
Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Full access to tag templates	`datacatalog.migrationConfig.get` `datacatalog.tagTemplates.` `datacatalog.tagTemplates.create` `datacatalog.tagTemplates.delete` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getIamPolicy` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.setIamPolicy` `datacatalog.tagTemplates.update` `datacatalog.tagTemplates.use` `dataplex.aspectTypes.` `dataplex.aspectTypes.create` `dataplex.aspectTypes.delete` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.aspectTypes.setIamPolicy` `dataplex.aspectTypes.update` `dataplex.aspectTypes.use` `dataplex.operations.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Access to apply a tag template to an entry (to modify tags, see Data Catalog Tag Editor)	`datacatalog.migrationConfig.get` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.use` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.aspectTypes.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Read access to templates and tags created using the templates	`datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `dataplex.aspectTypes.get` `dataplex.aspectTypes.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog Viewer (`roles/datacatalog.viewer`) Provides metadata read access to catalogued Google Cloud assets for BigQueryand Pub/Sub	`bigquery.connections.get` `bigquery.datasets.get` `bigquery.models.getMetadata` `bigquery.routines.get` `bigquery.tables.get` `datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entryGroups.get` `datacatalog.entryGroups.list` `datacatalog.migrationConfig.get` `datacatalog.operations.list` `datacatalog.relationships.list` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `datacatalog.taxonomies.get` `datacatalog.taxonomies.list` `dataplex.aspectTypes.get` `dataplex.aspectTypes.getIamPolicy` `dataplex.aspectTypes.list` `dataplex.entries.get` `dataplex.entries.list` `dataplex.entryGroups.get` `dataplex.entryGroups.getIamPolicy` `dataplex.entryGroups.list` `dataplex.entryLinks.get` `dataplex.entryTypes.get` `dataplex.entryTypes.getIamPolicy` `dataplex.entryTypes.list` `dataplex.glossaries.get` `dataplex.glossaries.getIamPolicy` `dataplex.glossaries.list` `dataplex.glossaryCategories.get` `dataplex.glossaryCategories.list` `dataplex.glossaryTerms.get` `dataplex.glossaryTerms.list` `dataplex.projects.search` `pubsub.topics.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Data Catalog Admin

(roles/datacatalog.admin)

Full access to all DataCatalog resources

bigquery.connections.get

bigquery.connections.updateTag

bigquery.datasets.get

bigquery.datasets.updateTag

bigquery.models.getMetadata

bigquery.models.updateTag

bigquery.routines.get

bigquery.routines.updateTag

bigquery.tables.get

bigquery.tables.updateTag

datacatalog.catalogs.searchAll

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.*

datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.list
datacatalog.entryGroups.setIamPolicy
datacatalog.entryGroups.update
datacatalog.entryGroups.updateTag

datacatalog.migrationConfig.*

datacatalog.migrationConfig.get
datacatalog.migrationConfig.set

datacatalog.operations.list

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

datacatalog.tagTemplates.*

datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use

datacatalog.taxonomies.*

datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.getIamPolicy
datacatalog.taxonomies.list
datacatalog.taxonomies.setIamPolicy
datacatalog.taxonomies.update

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.getData
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDataProfileAspect
dataplex.entryGroups.useDataQualityScorecardAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useDescriptionsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useQueriesAspect
dataplex.entryGroups.useRefreshCadenceAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useStorageAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.*

dataplex.entryTypes.create
dataplex.entryTypes.delete
dataplex.entryTypes.get
dataplex.entryTypes.getIamPolicy
dataplex.entryTypes.list
dataplex.entryTypes.setIamPolicy
dataplex.entryTypes.update
dataplex.entryTypes.use

dataplex.glossaries.*

dataplex.glossaries.create
dataplex.glossaries.delete
dataplex.glossaries.get
dataplex.glossaries.getIamPolicy
dataplex.glossaries.import
dataplex.glossaries.list
dataplex.glossaries.setIamPolicy
dataplex.glossaries.update

dataplex.glossaryCategories.*

dataplex.glossaryCategories.create
dataplex.glossaryCategories.delete
dataplex.glossaryCategories.get
dataplex.glossaryCategories.list
dataplex.glossaryCategories.update

dataplex.glossaryTerms.*

dataplex.glossaryTerms.create
dataplex.glossaryTerms.delete
dataplex.glossaryTerms.get
dataplex.glossaryTerms.list
dataplex.glossaryTerms.update
dataplex.glossaryTerms.use

dataplex.operations.get

dataplex.projects.search

pubsub.topics.get

pubsub.topics.updateTag

resourcemanager.projects.get

resourcemanager.projects.list

Policy Tag Admin

(roles/datacatalog.categoryAdmin)

Manage taxonomies

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.taxonomies.*

datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.getIamPolicy
datacatalog.taxonomies.list
datacatalog.taxonomies.setIamPolicy
datacatalog.taxonomies.update

resourcemanager.projects.get

resourcemanager.projects.list

Fine-Grained Reader

(roles/datacatalog.categoryFineGrainedReader)

Read access to sub-resources tagged by a policy tag, for example, BigQuery columns

datacatalog.categories.fineGrainedGet

DataCatalog Data Steward^Beta

(roles/datacatalog.dataSteward)

Can update overview and data steward fields

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entries.updateContacts

datacatalog.entries.updateOverview

datacatalog.entryGroups.get

datacatalog.migrationConfig.get

datacatalog.relationships.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useOverviewAspect

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog EntryGroup Creator

(roles/datacatalog.entryGroupCreator)

Can create new entryGroups

datacatalog.entryGroups.create

datacatalog.entryGroups.get

datacatalog.entryGroups.list

dataplex.entryGroups.create

dataplex.entryGroups.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog EntryGroup Owner

(roles/datacatalog.entryGroupOwner)

Full access to entryGroups

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.*

datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.list
datacatalog.entryGroups.setIamPolicy
datacatalog.entryGroups.update
datacatalog.entryGroups.updateTag

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.getData
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.*

dataplex.entryGroups.create
dataplex.entryGroups.delete
dataplex.entryGroups.export
dataplex.entryGroups.get
dataplex.entryGroups.getIamPolicy
dataplex.entryGroups.import
dataplex.entryGroups.list
dataplex.entryGroups.setIamPolicy
dataplex.entryGroups.update
dataplex.entryGroups.useContactsAspect
dataplex.entryGroups.useDataProfileAspect
dataplex.entryGroups.useDataQualityScorecardAspect
dataplex.entryGroups.useDefinitionEntryLink
dataplex.entryGroups.useDescriptionsAspect
dataplex.entryGroups.useGenericAspect
dataplex.entryGroups.useGenericEntry
dataplex.entryGroups.useOverviewAspect
dataplex.entryGroups.useQueriesAspect
dataplex.entryGroups.useRefreshCadenceAspect
dataplex.entryGroups.useRelatedEntryLink
dataplex.entryGroups.useSchemaAspect
dataplex.entryGroups.useStorageAspect
dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Entry Owner

(roles/datacatalog.entryOwner)

Full access to entries

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.get

datacatalog.migrationConfig.get

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.entries.*

dataplex.entries.create
dataplex.entries.delete
dataplex.entries.get
dataplex.entries.getData
dataplex.entries.link
dataplex.entries.list
dataplex.entries.update

dataplex.entryGroups.get

dataplex.entryGroups.useContactsAspect

dataplex.entryGroups.useDataProfileAspect

dataplex.entryGroups.useDataQualityScorecardAspect

dataplex.entryGroups.useDefinitionEntryLink

dataplex.entryGroups.useDescriptionsAspect

dataplex.entryGroups.useGenericAspect

dataplex.entryGroups.useGenericEntry

dataplex.entryGroups.useOverviewAspect

dataplex.entryGroups.useQueriesAspect

dataplex.entryGroups.useRefreshCadenceAspect

dataplex.entryGroups.useRelatedEntryLink

dataplex.entryGroups.useSchemaAspect

dataplex.entryGroups.useStorageAspect

dataplex.entryGroups.useSynonymEntryLink

dataplex.entryLinks.*

dataplex.entryLinks.create
dataplex.entryLinks.delete
dataplex.entryLinks.get
dataplex.entryLinks.reference

dataplex.entryTypes.get

dataplex.entryTypes.list

dataplex.entryTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Entry Viewer

(roles/datacatalog.entryViewer)

Read access to entries

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entryGroups.get

datacatalog.migrationConfig.get

datacatalog.relationships.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Glossary Owner^Beta

(roles/datacatalog.glossaryOwner)

Full access to glossaries

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

dataplex.projects.search

DataCatalog Glossary User^Beta

(roles/datacatalog.glossaryUser)

Can view glossaries and associate terms to entries

datacatalog.entries.get

datacatalog.entries.list

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

dataplex.projects.search

DataCatalog Migration Config Admin

(roles/datacatalog.migrationConfigAdmin)

Full access to Migration Config

datacatalog.migrationConfig.*

datacatalog.migrationConfig.get
datacatalog.migrationConfig.set

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Search Admin

(roles/datacatalog.searchAdmin)

Can search all metadata for a project/org in DataCatalog

datacatalog.catalogs.searchAll

dataplex.projects.search

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog Tag Editor

(roles/datacatalog.tagEditor)

Access to modify metadata tags for entries, as well as BigQuery andPub/Sub data assets

bigquery.connections.updateTag

bigquery.datasets.updateTag

bigquery.models.updateTag

bigquery.routines.updateTag

bigquery.tables.updateTag

datacatalog.entries.updateTag

datacatalog.entryGroups.updateTag

dataplex.entries.update

pubsub.topics.updateTag

Data Catalog TagTemplate Creator

(roles/datacatalog.tagTemplateCreator)

Access to create new tag templates

datacatalog.tagTemplates.create

datacatalog.tagTemplates.get

dataplex.aspectTypes.create

dataplex.aspectTypes.get

dataplex.projects.search

Data Catalog TagTemplate Owner

(roles/datacatalog.tagTemplateOwner)

Full access to tag templates

datacatalog.migrationConfig.get

datacatalog.tagTemplates.*

datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use

dataplex.aspectTypes.*

dataplex.aspectTypes.create
dataplex.aspectTypes.delete
dataplex.aspectTypes.get
dataplex.aspectTypes.getIamPolicy
dataplex.aspectTypes.list
dataplex.aspectTypes.setIamPolicy
dataplex.aspectTypes.update
dataplex.aspectTypes.use

dataplex.operations.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog TagTemplate User

(roles/datacatalog.tagTemplateUser)

Access to apply a tag template to an entry (to modify tags, see Data Catalog Tag Editor)

datacatalog.migrationConfig.get

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

datacatalog.tagTemplates.use

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.aspectTypes.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog TagTemplate Viewer

(roles/datacatalog.tagTemplateViewer)

Read access to templates and tags created using the templates

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

dataplex.aspectTypes.get

dataplex.aspectTypes.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog Viewer

(roles/datacatalog.viewer)

Provides metadata read access to catalogued Google Cloud assets for BigQueryand Pub/Sub

bigquery.connections.get

bigquery.datasets.get

bigquery.models.getMetadata

bigquery.routines.get

bigquery.tables.get

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entryGroups.get

datacatalog.entryGroups.list

datacatalog.migrationConfig.get

datacatalog.operations.list

datacatalog.relationships.list

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

datacatalog.taxonomies.get

datacatalog.taxonomies.list

dataplex.aspectTypes.get

dataplex.aspectTypes.getIamPolicy

dataplex.aspectTypes.list

dataplex.entries.get

dataplex.entries.list

dataplex.entryGroups.get

dataplex.entryGroups.getIamPolicy

dataplex.entryGroups.list

dataplex.entryLinks.get

dataplex.entryTypes.get

dataplex.entryTypes.getIamPolicy

dataplex.entryTypes.list

dataplex.glossaries.get

dataplex.glossaries.getIamPolicy

dataplex.glossaries.list

dataplex.glossaryCategories.get

dataplex.glossaryCategories.list

dataplex.glossaryTerms.get

dataplex.glossaryTerms.list

dataplex.projects.search

pubsub.topics.get

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog permissions

Permission	Included in roles
`datacatalog.catalogs.searchAll`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Search Admin (`roles/datacatalog.searchAdmin`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.categories.fineGrainedGet`	Fine-Grained Reader (`roles/datacatalog.categoryFineGrainedReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.categories.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.categories.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.entries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.entries.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.entries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.entries.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.entries.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateContacts`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateOverview`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datacatalog.entryGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`) Support User (`roles/iam.supportUser`)
`datacatalog.entryGroups.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.entryGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.entryGroups.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.entryGroups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datacatalog.migrationConfig.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Dataplex Entry and EntryLink Owner (`roles/dataplex.entryOwner`) Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Dataplex Entry Type User (`roles/dataplex.entryTypeUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.migrationConfig.set`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`)
`datacatalog.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.relationships.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createBelongsTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsDescribedBy`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsRelatedTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsSynonymousTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteBelongsTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsDescribedBy`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsRelatedTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsSynonymousTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.tagTemplates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.getTag`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.use`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.taxonomies.create`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.delete`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`datacatalog.taxonomies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`datacatalog.taxonomies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.taxonomies.update`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.

Movatterモバイル変換

Data Catalog roles and permissions Stay organized with collections Save and categorize content based on your preferences.