
BigQuery

Prerequisites

You’ll need to have a Google Cloud Platform account with a project you would like Dot to use. Consult the Google Cloud Platform documentation for how to create and manage a project. This project should have a BigQuery dataset for Dot to connect to.

Create a service account

Create a service account that you manage in your Google Cloud account. This account should be provisioned with the following read-only roles:
  • bigquery.dataViewer
  • bigquery.jobUser
  • bigquery.readSessionUser
You'll need to provide the service account's email, a JSON-formatted key, and the location of your BigQuery instance.

Granting permissions

The service account also needs the appropriate read-only roles.
The easiest way to grant these roles is through the Google Cloud Shell.
First, we'll create a custom role for Dot-related permissions and then bind it to the service account that you're using. We'll also bind read-only BigQuery roles to the service account.
1. Create a Dot custom role

    gcloud iam roles create DotMonitor \
      --project={{PROJECT_ID}} \
      --title=DotMonitor \
      --description="Dot specific permissions" \
      --permissions=bigquery.jobs.listAll,bigquery.jobs.list

Note that the {{PROJECT_ID}} placeholder needs to be replaced with your project ID.
2. Bind the custom role to a service account and apply read-only BQ roles

    gcloud projects add-iam-policy-binding {{PROJECT_ID}} \
      --member="serviceAccount:{{SERVICE_ACCOUNT}}" \
      --role="projects/{{PROJECT_ID}}/roles/DotMonitor"

    gcloud projects add-iam-policy-binding {{PROJECT_ID}} \
      --member="serviceAccount:{{SERVICE_ACCOUNT}}" \
      --role="roles/bigquery.dataViewer"

    gcloud projects add-iam-policy-binding {{PROJECT_ID}} \
      --member="serviceAccount:{{SERVICE_ACCOUNT}}" \
      --role="roles/bigquery.jobUser"

    gcloud projects add-iam-policy-binding {{PROJECT_ID}} \
      --member="serviceAccount:{{SERVICE_ACCOUNT}}" \
      --role="roles/bigquery.readSessionUser"

Note that the {{SERVICE_ACCOUNT}} and {{PROJECT_ID}} placeholders need to be replaced with your service account and project ID, respectively.
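
To confirm that the bindings took effect and that the service account holds nothing beyond them, the following added example (not part of Dot's documentation) compares a list of granted roles against the four roles bound in step 2. It assumes the roles arrive one per line on standard input; the function names audit_dot_roles and sample_roles, the project ID demo-project, and the sample role list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Dot documentation.
# Typical input is the project-level role list for the service account:
#   gcloud projects get-iam-policy "$PROJECT_ID" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:$SERVICE_ACCOUNT" \
#     --format="value(bindings.role)" | audit_dot_roles "$PROJECT_ID"

# audit_dot_roles PROJECT_ID   (granted roles on stdin, one per line)
# Prints MISSING / EXTRA lines; returns 0 only if the grants match exactly.
audit_dot_roles() {
    project_id=$1
    expected="projects/${project_id}/roles/DotMonitor
roles/bigquery.dataViewer
roles/bigquery.jobUser
roles/bigquery.readSessionUser"
    # Normalise input: strip trailing whitespace/CR, drop blanks and duplicates.
    granted=$(sed 's/[[:space:]]*$//' | grep -v '^$' | sort -u)
    status=0
    # Roles the page asks for but that are not bound.
    for role in $expected; do
        if ! printf '%s\n' "$granted" | grep -qxF "$role"; then
            echo "MISSING $role"
            status=1
        fi
    done
    # Roles bound to the account that the page does not ask for.
    for role in $granted; do
        if ! printf '%s\n' "$expected" | grep -qxF "$role"; then
            echo "EXTRA   $role"
            status=1
        fi
    done
    return $status
}

# Constructed sample: one required role is absent and roles/editor was
# granted by mistake.
sample_roles() {
    printf '%s\n' \
        "projects/demo-project/roles/DotMonitor" \
        "roles/bigquery.dataViewer" \
        "roles/bigquery.jobUser" \
        "roles/editor"
}

sample_roles | audit_dot_roles demo-project || true
```

The check only covers project-level bindings returned by get-iam-policy; roles inherited from a folder or organization, or granted on individual datasets, do not appear in that output.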

Allow Dot IPs

If your organization uses a network policy to manage BigQuery access, allow the following IPs. Dot will only access your BigQuery instance from these addresses:
  • 3.229.110.216
  • 3.122.135.165