Skip to main content

GCP BigQuery

You can provide Sundial Read-Only access to your existing BigQuery Datasets or Tables. Alternatively you can create a separate BigQuery Dataset to store the tables which you would like to share with Sundial.

Sundial internally creates a dedicated GCP IAM Service Account for your organization in the format <name>@<project-name>.iam.gserviceaccount.com. You can copy this service account email from the connector creation form if enabled, or Sundial will send it to you via email otherwise. Grant permissions to the service account following the steps below.

Read-Only Permissions

Give Read-Only access to your BigQuery Dataset or BigQuery Tables to the Sundial IAM Service Account. The required role is Bigquery Data Viewer.

Grant access to an entire dataset:

GRANT `roles/bigquery.dataViewer` 
ON SCHEMA `<project_name.dataset_name>` 
TO 'serviceAccount:<name>@<project-name>.iam.gserviceaccount.com'

Grant access to a specific table:

GRANT `roles/bigquery.dataViewer` 
ON TABLE `<project_name.dataset_name.table_name>` 
TO 'serviceAccount:<name>@<project-name>.iam.gserviceaccount.com'

Replace project_name, dataset_name, table_name, and the service account email with your actual values. The service account email mentioned here is the Sundial service account.

info

If you wish to provide access to all the datasets in your project, grant the Bigquery Metadata Viewer role on the service account instead.

Write Space (Optional)

Sundial can store generated Standard Product Metrics into your BigQuery. If this is required, please provide the Sundial service account write access to a BigQuery Dataset. The required role is Bigquery Data Editor.

CREATE SCHEMA `<project_name>.sundial_data`
GRANT `roles/bigquery.dataEditor`
ON SCHEMA `<project_name>.sundial_scratch`
TO 'serviceAccount:<name>@<project-name>.iam.gserviceaccount.com'

Replace project_name and the service account email with your actual values. The sundial_data dataset will be used by Sundial for storing generated metrics with read-write access.

What to share with Sundial

Provide the following information in the BigQuery connector setup form if enabled, or share them with Sundial via email and/or secure vault or secrets store otherwise.

Project Id: The ID of your BigQuery project
Dataset Name (Optional): The name of your BigQuery dataset that you have provided access to
Table ID (Optional): The ID of your BigQuery table that you have provided access to
Still have questions?
Write to support@sundial.so