Connect to data
BigQuery

To connect BigQuery to Kaldea, you will need Admin access to your BigQuery instance.

Complete all of the following steps to see BigQuery metadata in Kaldea:

  1. Create a service account for Kaldea
  2. Create a new JSON key
  3. Connect BigQuery to Kaldea
  4. Choose databases and schemas

High Level Scope on Kaldea Integration

Kaldea operates on BigQuery using the Google Cloud SDK. Hence it is necessary to grant Kaldea an adequate access to your Google Cloud Accounts.

There are 3 types of credentials that Kaldea may need :

  1. kaldea-system : The credential used by Kaldea system
  2. kaldea-default : The default credential used by Kaldea for the user action. Can be overriden by personal.
  3. personal : The personalised credential to be registered at the personal settings page. To be used by personnel that requires additional access (optional)

Required Permission : kaldea-system

  1. Create kaldea-system.pii-management role on GCP. (Project Level) The following is a list of required permissions for managing PII tags:

    bigquery.tables.setCategory
    datacatalog.taxonomies.get
    datacatalog.taxonomies.list
    
  2. Create kaldea-system.bigquery-jobs role on GCP. The following is a list of required permissions for managing BigQuery jobs (ex Query):

    bigquery.jobs.create
    bigquery.jobs.get
    bigquery.jobs.list
    bigquery.jobs.listAll
    bigquery.jobs.update
    
  3. Create serviceaccount for kaldea system and attach the roles :

    1. kaldea-system.pii-management
    2. kaldea-system.bigquery-jobs
    3. bigquery.dataEditor
      1. (This pre-defined role from GCP is also a requirement!)
    4. Optional (External Table)
      1. storage.objectViewer
        1. (This pre-defined role from GCP is also a requirement if you are using an external table with gcs)
      2. bigtable.reader
        1. (This pre-defined role from GCP is also a requirementIf you are using an external table with bigtable)

Required Permission : kaldea-default

  1. Create kaldea.bigquery-jobs role on GCP. The following is a list of required permissions for managing BigQuery jobs:

    bigquery.jobs.create
    bigquery.jobs.get
    bigquery.jobs.list
    bigquery.jobs.listAll
    bigquery.jobs.update
    
  2. Create serviceaccount for kaldea system and attach the roles :

    1. kaldea-system.bigquery-jobs
    2. bigquery.dataEditor
      1. (This pre-defined role from GCP is also a requirement!)
    3. Optional (External Table)
      1. storage.objectViewer
        1. (This pre-defined role from GCP is also a requirement if you are using an external table with gcs)
      2. bigtable.reader
        1. (This pre-defined role from GCP is also a requirementIf you are using an external table with bigtable)

Required Permission for : personal

You need a superset of the permission provided for kaldea-default.

For those who needs access to columns access-controlled by policy tags, Fine-Grained Reader role is required. Please refer to the background information above.


Integrating within Kaldea Interface

Given the above steps are completed, you now have :

  • Credential key(.json) for kaldea-system
  • Credential key(.json) for kaldea-default