Cloud Read/Write Permissions for GCS

    This page outlines the required read and write permissions when copying data to or from external cloud providers.

    Exclusive permissions are required when reading from cloud storage using External Collections or writing to cloud storage using COPY TO statements.

    Prerequisites

    Before granting permissions, ensure you have the following:

    • A Google Cloud Platform (GCP) account with the necessary administrative privileges.

    • Access to the Google Cloud Console.

    • The name of the GCS bucket you want to access.

    Read Permissions

    You need Read permissions when reading from cloud storage using External Collections.

    To grant read permissions to your GCP cloud storage:

    Create a Role

    To create a new role with the required read permissions:

    1. Go to the Google Cloud console.

    2. From the Dashboard, go to IAM and Admin and select Roles.

    3. Select Create Role.

    4. Fill in the role information (Title, Description, etc.).

    5. Select Add Permissions.

    6. Select the following permissions:

      • storage.objects.get

      • storage.objects.list

    7. Select Add.

    8. Select Create.

    Add the Role to the Bucket

    Add the Google Cloud Platform (GCP) Service Account you want to use with Capella Analytics to the bucket and assign it the role you created:

    1. Go to the Google Cloud console.

    2. From the Dashboard, go to Cloud Storage and select Buckets.

    3. Select the desired bucket.

    4. From the Bucket page, select the Permissions tab.

    5. Under View by Principals, select Grant Access.

    6. Under Add Principal, add the desired Service Account.

    7. Under Assign Roles, select the Role created in the previous steps.

    Read and Write Permissions

    Read and write permissions are needed when writing to cloud storage using COPY TO statements. To grant read and write permissions to your GCP cloud storage:

    Create a Role

    To create a new role with the required read and write permissions:

    1. Go to the Google Cloud console.

    2. From the Dashboard, go to IAM and Admin and select Roles.

    3. Select Create Role.

    4. Fill in the role information (Title, Description, etc.).

    5. Select Add Permissions.

    6. Select the following permissions:

      • storage.objects.get

      • storage.objects.list

      • storage.objects.create

      • storage.objects.delete

    7. Select Add.

    8. Select Create.

    Add the Role to the Bucket

    Next, add the Google Cloud Platform (GCP) Service Account to the bucket and assign it the created role:

    1. Go to the Google Cloud console.

    2. From the Dashboard, go to Cloud Storage and select Buckets.

    3. Select the desired bucket.

    4. From the Bucket page, select the Permissions tab.

    5. Under View by Principals, select Grant Access.

    6. Under Add Principal, add the desired Service Account.

    7. Under Assign Roles, select the Role created in the previous steps.
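
The two procedures above (read, and read and write) can also be scripted with the gcloud CLI. The following is an added example, not part of the original Capella Analytics documentation: it prints the equivalent commands for review and checks an existing role against the permission lists on this page. The project, bucket, service account and role ID values are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gcloud equivalents of the console steps on this page.
# Project, bucket, service account and role ID values are placeholders.

# Permission sets exactly as listed on this page.
perms_for() {
  case "$1" in
    read)       echo "storage.objects.get,storage.objects.list" ;;
    read-write) echo "storage.objects.get,storage.objects.list,storage.objects.create,storage.objects.delete" ;;
    *)          echo "unknown mode: $1" >&2; return 1 ;;
  esac
}

# Print (do not run) the commands that create the custom role and bind it
# to the service account on the one bucket, so they can be reviewed first.
grant_cmds() {  # usage: grant_cmds MODE PROJECT BUCKET SA_EMAIL ROLE_ID
  perms=$(perms_for "$1") || return 1
  echo "gcloud iam roles create $5 --project=$2 --title=$5 --permissions=$perms"
  echo "gcloud storage buckets add-iam-policy-binding gs://$3 --member=serviceAccount:$4 --role=projects/$2/roles/$5"
}

# Compare a role's actual permissions with the page's list for MODE.
# ACTUAL_PERMS is the role's includedPermissions (for example from
# `gcloud iam roles describe`), separated by commas or semicolons.
# Prints "+perm" for each extra permission and "-perm" for each missing
# one; returns 0 only when the role matches the page's list exactly.
audit_perms() {  # usage: audit_perms MODE ACTUAL_PERMS
  want=$(perms_for "$1") || return 2
  have=$(printf '%s' "$2" | tr ';\n ' ',,,')
  rc=0
  for p in $(printf '%s' "$have" | tr ',' ' '); do
    case ",$want," in *",$p,"*) ;; *) echo "+$p"; rc=1 ;; esac
  done
  for p in $(printf '%s' "$want" | tr ',' ' '); do
    case ",$have," in *",$p,"*) ;; *) echo "-$p"; rc=1 ;; esac
  done
  return $rc
}

# Demo with constructed placeholder values.
grant_cmds read-write example-project example-bucket \
  analytics@example-project.iam.gserviceaccount.com capellaGcsReadWrite
```

Because the binding is made on the bucket rather than the project, the service account receives these permissions on that bucket only.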