LogoLogo
  • Introduction
    • Overview
    • Why Alvin?
    • Connect your systems
      • Data Warehouse
        • BigQuery
          • Provision source system credentials
          • Provision with GCloud CLI
        • Snowflake
        • Databricks
      • Business Intelligence
        • Looker
      • Orchestration
        • dbt
      • SSO (Single Sign-On)
    • Security & compliance
    • Types of metadata
    • FAQ
  • Cost Monitoring
    • Introduction to Cost Monitoring
    • Compute
    • Storage
  • BI Query Optimizer
    • Introduction to Query Optimizer
    • How does it work?
    • Getting started
  • Workflow automation
    • Introduction to Workflow Automation
    • Events definitions
    • Configuring Workflows
  • Anomaly Detection
    • Anomaly Detection
  • Exploring Metadata
    • Lineage
      • Depth of lineage
    • Impact Analysis
    • Entities
    • Entity View
    • Metadata Warehouse
Powered by GitBook
On this page
  1. Introduction
  2. Connect your systems
  3. Data Warehouse
  4. BigQuery

Provision with GCloud CLI

If you have provisioned the source system credentials using Cloud Console you may skip this step.

export HOST_PROJECT_ID=my-project
export SA_NAME=sa-alvin-bq-reader

# init gcloud
gcloud config set project $HOST_PROJECT_ID

# create a Service Account
gcloud iam service-accounts create $SA_NAME \
--display-name  "Service Account for Alvin access to BigQuery" \
--project $HOST_PROJECT_ID

# Following steps must be executed for each project you want to connect to Alvin
# --- Begin steps for each project ----
# Change the value below and run for each project
export BQ_PROJECT_ID=my-bq-project

# ADD Bigquery Metadata Viewer Role
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/bigquery.metadataViewer"

# ADD Bigquery Resource Viewer Role
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/bigquery.resourceViewer"

# ADD Recommendations Viewer Roles (Optional)
gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigqueryMaterializedViewViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigqueryPartitionClusterViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigQueryCapacityCommitmentsProjectViewer"

gcloud projects add-iam-policy-binding $BQ_PROJECT_ID \
--member "serviceAccount:$SA_NAME@$HOST_PROJECT_ID.iam.gserviceaccount.com" \
--quiet \
--project $BQ_PROJECT_ID \
--role "roles/recommender.bigQueryCapacityCommitmentsViewer"

# --- End steps for each project ----
PreviousProvision source system credentialsNextSnowflake

Last updated 6 months ago