Data Catalog roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Data Catalog. To search through all roles and permissions, see the role and permission index.

Data Catalog roles

Role Permissions

Role	Permissions
Data Catalog Admin (`roles/datacatalog.admin`) Full access to all DataCatalog resources	`bigquery.connections.get` `bigquery.connections.updateTag` `bigquery.datasets.get` `bigquery.datasets.updateTag` `bigquery.models.getMetadata` `bigquery.models.updateTag` `bigquery.routines.get` `bigquery.routines.updateTag` `bigquery.tables.get` `bigquery.tables.updateTag` `datacatalog.catalogs.searchAll` `datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.` `datacatalog.entryGroups.create` `datacatalog.entryGroups.delete` `datacatalog.entryGroups.get` `datacatalog.entryGroups.getIamPolicy` `datacatalog.entryGroups.list` `datacatalog.entryGroups.setIamPolicy` `datacatalog.entryGroups.update` `datacatalog.entryGroups.updateTag` `datacatalog.migrationConfig.` `datacatalog.migrationConfig.get` `datacatalog.migrationConfig.set` `datacatalog.operations.list` `datacatalog.relationships.` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `datacatalog.tagTemplates.` `datacatalog.tagTemplates.create` `datacatalog.tagTemplates.delete` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getIamPolicy` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.setIamPolicy` `datacatalog.tagTemplates.update` `datacatalog.tagTemplates.use` `datacatalog.taxonomies.` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.getIamPolicy` `datacatalog.taxonomies.list` `datacatalog.taxonomies.setIamPolicy` `datacatalog.taxonomies.update` `dataplex.projects.search` `pubsub.topics.get` `pubsub.topics.updateTag` `resourcemanager.projects.get` `resourcemanager.projects.list`
Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Manage taxonomies	`datacatalog.categories.getIamPolicy` `datacatalog.categories.setIamPolicy` `datacatalog.taxonomies.*` `datacatalog.taxonomies.create` `datacatalog.taxonomies.delete` `datacatalog.taxonomies.get` `datacatalog.taxonomies.getIamPolicy` `datacatalog.taxonomies.list` `datacatalog.taxonomies.setIamPolicy` `datacatalog.taxonomies.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Fine-Grained Reader (`roles/datacatalog.categoryFineGrainedReader`) Read access to sub-resources tagged by a policy tag, for example, BigQuery columns	`datacatalog.categories.fineGrainedGet`
DataCatalog Data Steward ^Beta (`roles/datacatalog.dataSteward`) Can update overview and data steward fields	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entries.updateContacts` `datacatalog.entries.updateOverview` `datacatalog.entryGroups.get` `datacatalog.migrationConfig.get` `datacatalog.relationships.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) Can create new entryGroups	`datacatalog.entryGroups.create` `datacatalog.entryGroups.get` `datacatalog.entryGroups.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Full access to entryGroups	`datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.` `datacatalog.entryGroups.create` `datacatalog.entryGroups.delete` `datacatalog.entryGroups.get` `datacatalog.entryGroups.getIamPolicy` `datacatalog.entryGroups.list` `datacatalog.entryGroups.setIamPolicy` `datacatalog.entryGroups.update` `datacatalog.entryGroups.updateTag` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) Full access to entries	`datacatalog.entries.*` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.entryGroups.get` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) Read access to entries	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entryGroups.get` `datacatalog.migrationConfig.get` `datacatalog.relationships.list` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Glossary Owner ^Beta (`roles/datacatalog.glossaryOwner`) Full access to glossaries	`datacatalog.entries.` `datacatalog.entries.create` `datacatalog.entries.createGlossary` `datacatalog.entries.createGlossaryCategory` `datacatalog.entries.createGlossaryTerm` `datacatalog.entries.delete` `datacatalog.entries.deleteGlossary` `datacatalog.entries.deleteGlossaryCategory` `datacatalog.entries.deleteGlossaryTerm` `datacatalog.entries.get` `datacatalog.entries.getIamPolicy` `datacatalog.entries.list` `datacatalog.entries.setIamPolicy` `datacatalog.entries.update` `datacatalog.entries.updateContacts` `datacatalog.entries.updateGlossary` `datacatalog.entries.updateGlossaryCategory` `datacatalog.entries.updateGlossaryTerm` `datacatalog.entries.updateOverview` `datacatalog.entries.updateTag` `datacatalog.relationships.` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `dataplex.projects.search`
DataCatalog Glossary User ^Beta (`roles/datacatalog.glossaryUser`) Can view glossaries and associate terms to entries	`datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.relationships.*` `datacatalog.relationships.create` `datacatalog.relationships.createBelongsTo` `datacatalog.relationships.createIsDescribedBy` `datacatalog.relationships.createIsRelatedTo` `datacatalog.relationships.createIsSynonymousTo` `datacatalog.relationships.delete` `datacatalog.relationships.deleteBelongsTo` `datacatalog.relationships.deleteIsDescribedBy` `datacatalog.relationships.deleteIsRelatedTo` `datacatalog.relationships.deleteIsSynonymousTo` `datacatalog.relationships.list` `dataplex.projects.search`
DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`) Full access to Migration Config	`datacatalog.migrationConfig.*` `datacatalog.migrationConfig.get` `datacatalog.migrationConfig.set` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
DataCatalog Search Admin (`roles/datacatalog.searchAdmin`) Can search all metadata for a project/org in DataCatalog	`datacatalog.catalogs.searchAll` `dataplex.projects.search` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) Access to modify metadata tags for entries, as well as BigQuery and Pub/Sub data assets	`bigquery.connections.updateTag` `bigquery.datasets.updateTag` `bigquery.models.updateTag` `bigquery.routines.updateTag` `bigquery.tables.updateTag` `datacatalog.entries.updateTag` `datacatalog.entryGroups.updateTag` `pubsub.topics.updateTag`
Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Access to create new tag templates	`datacatalog.tagTemplates.create` `datacatalog.tagTemplates.get` `dataplex.projects.search`
Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Full access to tag templates	`datacatalog.tagTemplates.*` `datacatalog.tagTemplates.create` `datacatalog.tagTemplates.delete` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getIamPolicy` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.setIamPolicy` `datacatalog.tagTemplates.update` `datacatalog.tagTemplates.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Access to apply a tag template to an entry (to modify tags, see Data Catalog Tag Editor)	`datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `datacatalog.tagTemplates.use` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Read access to templates and tags created using the templates	`datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `dataplex.projects.search` `resourcemanager.projects.get` `resourcemanager.projects.list`
Data Catalog Viewer (`roles/datacatalog.viewer`) Provides metadata read access to catalogued Google Cloud assets for BigQuery and Pub/Sub	`bigquery.connections.get` `bigquery.datasets.get` `bigquery.models.getMetadata` `bigquery.routines.get` `bigquery.tables.get` `datacatalog.entries.get` `datacatalog.entries.list` `datacatalog.entryGroups.get` `datacatalog.entryGroups.list` `datacatalog.migrationConfig.get` `datacatalog.operations.list` `datacatalog.relationships.list` `datacatalog.tagTemplates.get` `datacatalog.tagTemplates.getTag` `datacatalog.taxonomies.get` `datacatalog.taxonomies.list` `dataplex.projects.search` `pubsub.topics.get` `resourcemanager.projects.get` `resourcemanager.projects.list`

Data Catalog Admin

(roles/datacatalog.admin)

Full access to all DataCatalog resources

bigquery.connections.get

bigquery.connections.updateTag

bigquery.datasets.get

bigquery.datasets.updateTag

bigquery.models.getMetadata

bigquery.models.updateTag

bigquery.routines.get

bigquery.routines.updateTag

bigquery.tables.get

bigquery.tables.updateTag

datacatalog.catalogs.searchAll

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.*

datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.list
datacatalog.entryGroups.setIamPolicy
datacatalog.entryGroups.update
datacatalog.entryGroups.updateTag

datacatalog.migrationConfig.*

datacatalog.migrationConfig.get
datacatalog.migrationConfig.set

datacatalog.operations.list

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

datacatalog.tagTemplates.*

datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use

datacatalog.taxonomies.*

datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.getIamPolicy
datacatalog.taxonomies.list
datacatalog.taxonomies.setIamPolicy
datacatalog.taxonomies.update

dataplex.projects.search

pubsub.topics.get

pubsub.topics.updateTag

resourcemanager.projects.get

resourcemanager.projects.list

Policy Tag Admin

(roles/datacatalog.categoryAdmin)

Manage taxonomies

datacatalog.categories.getIamPolicy

datacatalog.categories.setIamPolicy

datacatalog.taxonomies.*

datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.getIamPolicy
datacatalog.taxonomies.list
datacatalog.taxonomies.setIamPolicy
datacatalog.taxonomies.update

resourcemanager.projects.get

resourcemanager.projects.list

Fine-Grained Reader

(roles/datacatalog.categoryFineGrainedReader)

Read access to sub-resources tagged by a policy tag, for example, BigQuery columns

datacatalog.categories.fineGrainedGet

DataCatalog Data Steward ^Beta

(roles/datacatalog.dataSteward)

Can update overview and data steward fields

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entries.updateContacts

datacatalog.entries.updateOverview

datacatalog.entryGroups.get

datacatalog.migrationConfig.get

datacatalog.relationships.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog EntryGroup Creator

(roles/datacatalog.entryGroupCreator)

Can create new entryGroups

datacatalog.entryGroups.create

datacatalog.entryGroups.get

datacatalog.entryGroups.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog EntryGroup Owner

(roles/datacatalog.entryGroupOwner)

Full access to entryGroups

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.*

datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.list
datacatalog.entryGroups.setIamPolicy
datacatalog.entryGroups.update
datacatalog.entryGroups.updateTag

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Entry Owner

(roles/datacatalog.entryOwner)

Full access to entries

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.entryGroups.get

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Entry Viewer

(roles/datacatalog.entryViewer)

Read access to entries

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entryGroups.get

datacatalog.migrationConfig.get

datacatalog.relationships.list

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Glossary Owner ^Beta

(roles/datacatalog.glossaryOwner)

Full access to glossaries

datacatalog.entries.*

datacatalog.entries.create
datacatalog.entries.createGlossary
datacatalog.entries.createGlossaryCategory
datacatalog.entries.createGlossaryTerm
datacatalog.entries.delete
datacatalog.entries.deleteGlossary
datacatalog.entries.deleteGlossaryCategory
datacatalog.entries.deleteGlossaryTerm
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateContacts
datacatalog.entries.updateGlossary
datacatalog.entries.updateGlossaryCategory
datacatalog.entries.updateGlossaryTerm
datacatalog.entries.updateOverview
datacatalog.entries.updateTag

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

dataplex.projects.search

DataCatalog Glossary User ^Beta

(roles/datacatalog.glossaryUser)

Can view glossaries and associate terms to entries

datacatalog.entries.get

datacatalog.entries.list

datacatalog.relationships.*

datacatalog.relationships.create
datacatalog.relationships.createBelongsTo
datacatalog.relationships.createIsDescribedBy
datacatalog.relationships.createIsRelatedTo
datacatalog.relationships.createIsSynonymousTo
datacatalog.relationships.delete
datacatalog.relationships.deleteBelongsTo
datacatalog.relationships.deleteIsDescribedBy
datacatalog.relationships.deleteIsRelatedTo
datacatalog.relationships.deleteIsSynonymousTo
datacatalog.relationships.list

dataplex.projects.search

DataCatalog Migration Config Admin

(roles/datacatalog.migrationConfigAdmin)

Full access to Migration Config

datacatalog.migrationConfig.*

datacatalog.migrationConfig.get
datacatalog.migrationConfig.set

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

DataCatalog Search Admin

(roles/datacatalog.searchAdmin)

Can search all metadata for a project/org in DataCatalog

datacatalog.catalogs.searchAll

dataplex.projects.search

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog Tag Editor

(roles/datacatalog.tagEditor)

Access to modify metadata tags for entries, as well as BigQuery and Pub/Sub data assets

bigquery.connections.updateTag

bigquery.datasets.updateTag

bigquery.models.updateTag

bigquery.routines.updateTag

bigquery.tables.updateTag

datacatalog.entries.updateTag

datacatalog.entryGroups.updateTag

pubsub.topics.updateTag

Data Catalog TagTemplate Creator

(roles/datacatalog.tagTemplateCreator)

Access to create new tag templates

datacatalog.tagTemplates.create

datacatalog.tagTemplates.get

dataplex.projects.search

Data Catalog TagTemplate Owner

(roles/datacatalog.tagTemplateOwner)

Full access to tag templates

datacatalog.tagTemplates.*

datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog TagTemplate User

(roles/datacatalog.tagTemplateUser)

Access to apply a tag template to an entry (to modify tags, see Data Catalog Tag Editor)

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

datacatalog.tagTemplates.use

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog TagTemplate Viewer

(roles/datacatalog.tagTemplateViewer)

Read access to templates and tags created using the templates

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

dataplex.projects.search

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog Viewer

(roles/datacatalog.viewer)

Provides metadata read access to catalogued Google Cloud assets for BigQuery and Pub/Sub

bigquery.connections.get

bigquery.datasets.get

bigquery.models.getMetadata

bigquery.routines.get

bigquery.tables.get

datacatalog.entries.get

datacatalog.entries.list

datacatalog.entryGroups.get

datacatalog.entryGroups.list

datacatalog.migrationConfig.get

datacatalog.operations.list

datacatalog.relationships.list

datacatalog.tagTemplates.get

datacatalog.tagTemplates.getTag

datacatalog.taxonomies.get

datacatalog.taxonomies.list

dataplex.projects.search

pubsub.topics.get

resourcemanager.projects.get

resourcemanager.projects.list

Data Catalog permissions

Permission	Included in roles
`datacatalog.catalogs.searchAll`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Search Admin (`roles/datacatalog.searchAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.categories.fineGrainedGet`	Fine-Grained Reader (`roles/datacatalog.categoryFineGrainedReader`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.categories.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.categories.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.entries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.createGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.deleteGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.entries.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.entries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.entries.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.entries.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateContacts`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossary`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossaryCategory`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateGlossaryTerm`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateOverview`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`)
`datacatalog.entries.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datacatalog.entryGroups.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) DataCatalog Entry Owner (`roles/datacatalog.entryOwner`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`)
`datacatalog.entryGroups.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.entryGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Creator (`roles/datacatalog.entryGroupCreator`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.entryGroups.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.entryGroups.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`)
`datacatalog.entryGroups.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog EntryGroup Owner (`roles/datacatalog.entryGroupOwner`) Data Catalog Tag Editor (`roles/datacatalog.tagEditor`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`)
`datacatalog.migrationConfig.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Dataplex Aspect Type Owner (`roles/dataplex.aspectTypeOwner`) Dataplex Aspect Type User (`roles/dataplex.aspectTypeUser`) Dataplex Catalog Admin (`roles/dataplex.catalogAdmin`) Dataplex Catalog Editor (`roles/dataplex.catalogEditor`) Dataplex Catalog Viewer (`roles/dataplex.catalogViewer`) Dataplex Entry Group Owner (`roles/dataplex.entryGroupOwner`) Dataplex Entry and EntryLink Owner (`roles/dataplex.entryOwner`) Dataplex Entry Type Owner (`roles/dataplex.entryTypeOwner`) Dataplex Entry Type User (`roles/dataplex.entryTypeUser`)
`datacatalog.migrationConfig.set`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Migration Config Admin (`roles/datacatalog.migrationConfigAdmin`)
`datacatalog.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.relationships.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createBelongsTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsDescribedBy`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsRelatedTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.createIsSynonymousTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteBelongsTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsDescribedBy`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsRelatedTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.deleteIsSynonymousTo`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`)
`datacatalog.relationships.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) DataCatalog Data Steward (`roles/datacatalog.dataSteward`) DataCatalog Entry Viewer (`roles/datacatalog.entryViewer`) DataCatalog Glossary Owner (`roles/datacatalog.glossaryOwner`) DataCatalog Glossary User (`roles/datacatalog.glossaryUser`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.tagTemplates.create`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Creator (`roles/datacatalog.tagTemplateCreator`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.getTag`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) Data Catalog TagTemplate Viewer (`roles/datacatalog.tagTemplateViewer`) Data Catalog Viewer (`roles/datacatalog.viewer`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Security Admin (`roles/iam.securityAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.update`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.tagTemplates.use`	Owner (`roles/owner`) Editor (`roles/editor`) Data Catalog Admin (`roles/datacatalog.admin`) Data Catalog TagTemplate Owner (`roles/datacatalog.tagTemplateOwner`) Data Catalog TagTemplate User (`roles/datacatalog.tagTemplateUser`) DLP Organization Data Profiles Driver (`roles/dlp.orgdriver`) DLP Project Data Profiles Driver (`roles/dlp.projectdriver`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. DLP API Service Agent (`roles/dlp.serviceAgent`)
`datacatalog.taxonomies.create`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.delete`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`) Cloud Deployment Manager Service Agent (`roles/clouddeploymentmanager.serviceAgent`)
`datacatalog.taxonomies.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`)
`datacatalog.taxonomies.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Data Catalog Viewer (`roles/datacatalog.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)
`datacatalog.taxonomies.setIamPolicy`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Security Admin (`roles/iam.securityAdmin`)
`datacatalog.taxonomies.update`	Owner (`roles/owner`) Data Catalog Admin (`roles/datacatalog.admin`) Policy Tag Admin (`roles/datacatalog.categoryAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Cloud Dataplex Service Agent (`roles/dataplex.serviceAgent`)

Data Catalog roles and permissions Stay organized with collections Save and categorize content based on your preferences.