Provision with GCloud CLI

export HOST_PROJECT_ID=my-project
export SA_NAME=sa-alvin-bq-reader

# init gcloud
gcloud config set project $HOST_PROJECT_ID

# create a Service Account
gcloud iam service-accounts create $SA_NAME \
--display-name  "Service Account for Alvin access to BigQuery" \
--project $HOST_PROJECT_ID

# Following steps must be executed for each project you want to connect to Alvin
# --- Begin steps for each project ----
# Change the value below and run for each project
export BQ_PROJECT_ID=my-bq-project

# ADD Bigquery Metadata Viewer Role
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/bigquery.metadataViewer"

# ADD Bigquery Resource Viewer Role
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/bigquery.resourceViewer"

# ADD Recommendations Viewer Roles (Optional)
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigqueryMaterializedViewViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigqueryPartitionClusterViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigQueryCapacityCommitmentsProjectViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigQueryCapacityCommitmentsViewer"

# --- End steps for each project ----