BigLake IAM roles
Stay organized with collections
Save and categorize content based on your preferences.
BigLake defines several
Identity and Access Management (IAM) roles.
Each predefined role contains a set of IAM permissions that allow principals to
perform certain actions. You can use an IAM policy to give a
principal one or more IAM roles.
Identity and Access Management (IAM) also offers the ability to create
customized IAM roles. You can create custom IAM
roles and assign the role one or more permissions. Then, you can grant the new
role to your principals. Use custom roles to create an access
control model that maps directly to your needs, alongside the available
predefined roles.
This page focuses on the IAM roles relevant to BigLake.
IAM BigLake roles
are a bundle of one or more permissions.
You grant roles to principals to allow them to perform actions on the
BigLake resources in your project. For example, the BigLake Viewer role contains the
biglake.*.get and biglake.*.list permissions, which allow a user to get
and list BigLake resources in a
project.
The following table lists all BigLake roles and the permissions associated with each role:
Role
Permissions
BigLake Admin
(roles/biglake.admin)
Provides full access to all BigLake resources.
biglake.*
biglake.catalogs.create
biglake.catalogs.delete
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.catalogs.setIamPolicy
biglake.databases.create
biglake.databases.delete
biglake.databases.get
biglake.databases.list
biglake.databases.update
biglake.locks.check
biglake.locks.create
biglake.locks.delete
biglake.locks.list
biglake.namespaces.create
biglake.namespaces.delete
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.namespaces.setIamPolicy
biglake.namespaces.update
biglake.tables.create
biglake.tables.delete
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.lock
biglake.tables.setIamPolicy
biglake.tables.update
biglake.tables.updateData
resourcemanager.projects.get
resourcemanager.projects.list
BigLake Editor
Beta
(roles/biglake.editor)
Provides read and write access to all BigLake resources.
biglake.catalogs.create
biglake.catalogs.delete
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.namespaces.create
biglake.namespaces.delete
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.namespaces.update
biglake.tables.create
biglake.tables.delete
biglake.tables.get
biglake.tables.getData
biglake.tables.getIamPolicy
biglake.tables.list
biglake.tables.update
biglake.tables.updateData
resourcemanager.projects.get
resourcemanager.projects.list
BigLake Metadata Viewer
Beta
(roles/biglake.metadataViewer)
Provides read-only metadata access to all BigLake resources.
biglake.catalogs.get
biglake.catalogs.getIamPolicy
biglake.catalogs.list
biglake.namespaces.get
biglake.namespaces.getIamPolicy
biglake.namespaces.list
biglake.tables.get
biglake.tables.getIamPolicy
biglake.tables.list
resourcemanager.projects.get
resourcemanager.projects.list
BigLake Viewer
(roles/biglake.viewer)
Provides read-only access to all BigLake resources.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-03-10 UTC."],[],[]]
